Vulnerability Name:

CVE-2008-2441 (CCN-44871)

Assigned: 2008-09-03
Published: 2008-09-03
Updated: 2018-10-11
Summary: Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.
CVSS v3 Severity: 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P)
2.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-noinfo
CWE-399
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2008-2441

Source: CCN
Type: SA31731
Cisco Secure ACS EAP Packet Denial of Service

Source: SECUNIA
Type: UNKNOWN
31731

Source: SREASON
Type: UNKNOWN
4216

Source: CCN
Type: SECTRACK ID: 1020814
Cisco Secure Access Control Server Bug in Processing RADIUS EAP Packets Lets Remote Users Deny Service

Source: CCN
Type: cisco-sr-20080903-csacs
Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability

Source: CISCO
Type: UNKNOWN
20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability

Source: CCN
Type: OSVDB ID: 47917
Cisco Secure ACS Crafted RADIUS EAP Packet Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20080903 Cisco Secure ACS EAP Parsing Vulnerability

Source: BID
Type: UNKNOWN
30997

Source: CCN
Type: BID-30997
Cisco Secure ACS EAP-Response Packet Parsing Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020814

Source: XF
Type: UNKNOWN
cisco-sacs-eap-dos(44871)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:cisco:secure_acs:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:secure_access_control_server:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:secure_acs:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable