CVE-2006-4098

critical Cisco
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
15.8%
Exploitation probability in 30 days
Top 5% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: December 31, 2006 (7074 days ago)
Last Modified: April 23, 2026
Vendor: Cisco
Source: NVD

Description

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.

CWE

NVD-CWE-Other

Affected Products

cisco secure access control server

References

🔗 osvdb.org 🔗 secunia.com 🔗 securitytracker.com 🔗 www.cisco.com 🔗 www.kb.cert.org