CVE-2013-3466

Cisco Secure Access Control Server - Authentication Bypass

Title source: rule

Description

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.

References (3)

Scores

EPSS 0.0072
EPSS Percentile 72.3%

Classification

CWE
CWE-287
Status draft

Affected Products (10)

cisco/secure_access_control_server < 4.2.1.15.10
cisco/secure_access_control_server
cisco/secure_access_control_server
cisco/secure_access_control_server
cisco/secure_access_control_server
cisco/secure_access_control_server
cisco/secure_access_control_server
cisco/secure_access_control_server
cisco/secure_access_control_server
cisco/secure_access_control_server

Timeline

Published Aug 29, 2013
Tracked Since Feb 18, 2026