Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco ACS 绕过身份认证漏洞
Vulnerability Description
Cisco Secure Access Control Server(ACS)是美国思科(Cisco)公司的一款安全访问控制服务器。该服务器为思科智能信息网络提供基于身份的全面的访问控制解决方案。 ACS Windows和ACS Solution Engine 3.3.1在启用EAP-TLS协议时,不能正确处理已过期或不可信证书。 远程攻击者可以借助一个包含用户名等有效字段的"cryptographically correct"证书,绕过验证并获得未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A