Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0561

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.

Published

2006-05-10T02:14:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	secure_access_control_server	3.0	Yes
Application	cisco	secure_access_control_server	3.0.1	Yes
Application	cisco	secure_access_control_server	3.0.3	Yes
Application	cisco	secure_access_control_server	3.1	Yes
Application	cisco	secure_access_control_server	3.1.1	Yes
Application	cisco	secure_access_control_server	3.2	Yes
Application	cisco	secure_access_control_server	3.2	Yes
Application	cisco	secure_access_control_server	3.3	Yes

References

http://securitytracker.com/id?1016042 Patch ([email protected])
http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml Patch ([email protected])
http://www.osvdb.org/25892 ([email protected])
http://www.securityfocus.com/archive/1/433286/100/0/threaded Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/433301/100/0/threaded Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/16743 Patch ([email protected])
http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt Patch, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/1741 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/26307 ([email protected])
http://securitytracker.com/id?1016042 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/25892 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/433286/100/0/threaded Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/433301/100/0/threaded Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16743 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1741 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26307 (af854a3a-2127-422b-91ae-364da2661108)