CVE-2004-1099

critical

Cisco

CVSS v3 Base Score

10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

2.2%

Exploitation probability in 30 days

Top 16% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: January 10, 2005 (7794 days ago)

Last Modified: April 16, 2026

Vendor: Cisco

Source: NVD

Description

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.

CWE

NVD-CWE-Other

Affected Products

cisco secure access control servercisco secure acs solution engine

References

🔗 www.ciac.org 🔗 www.cisco.com 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com 🔗 www.ciac.org

CVE-2004-1099

Vulnerability Report

Description

CWE

Affected Products

References