{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1016369", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016369"}, {"name": "26825", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26825"}, {"name": "1157", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1157"}, {"name": "cisco-acs-session-spoofing(27328)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"}, {"name": "ADV-2006-2524", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2524"}, {"name": "20816", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20816"}, {"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"}, {"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"}, {"name": "18621", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18621"}, {"name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1016369", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016369"}, {"name": "26825", "refsource": "OSVDB", "url": "http://www.osvdb.org/26825"}, {"name": "1157", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1157"}, {"name": "cisco-acs-session-spoofing(27328)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"}, {"name": "ADV-2006-2524", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2524"}, {"name": "20816", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20816"}, {"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"}, {"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"}, {"name": "18621", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18621"}, {"name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:23:21.118Z"}, "title": "CVE Program Container", "references": [{"name": "1016369", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016369"}, {"name": "26825", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26825"}, {"name": "1157", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1157"}, {"name": "cisco-acs-session-spoofing(27328)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"}, {"name": "ADV-2006-2524", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2524"}, {"name": "20816", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20816"}, {"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"}, {"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"}, {"name": "18621", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18621"}, {"name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3226", "datePublished": "2006-06-26T16:00:00", "dateReserved": "2006-06-26T00:00:00", "dateUpdated": "2024-08-07T18:23:21.118Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0:*:windows:*:*:*:*:*", "matchCriteriaId": "FE1B1FFE-25B4-465B-8816-BB8F3C028EEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*", "matchCriteriaId": "85E5B98E-72EB-4AB5-BC55-4392D22B30BA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""}, {"lang": "es", "value": "Cisco Secure Access Control Server (ACS) v4.x para Windows usa la direcci\u00f3n IP de cliente y el n\u00famero de puerto del servidor para otorgar acceso al puerto HTTP server para una sesi\u00f3n de administraci\u00f3n, lo que permite a atacantes remoso superar la autenticaci\u00f3n a trav\u00e9s de varios m\u00e9todos, conocido como \"ACS Weak Session Management Vulnerability.\""}], "id": "CVE-2006-3226", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-26T16:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20816"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1157"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016369"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26825"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18621"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2524"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20816"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1157"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016369"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26825"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}