CVE-2006-4097

CVE Database · CVE-2006-4097

CVE-2006-4097

· N/AModified

CVSS v3.1

N/A

EPSS

4.12%

Published

Dec 31, 2006

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Affected Products (2)

cisco · secure_access_control_servervulnerable

References (16)

http://osvdb.org/36125

http://secunia.com/advisories/23629

Vendor Advisory

http://securitytracker.com/id?1017475

http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/443108

US Government Resource

http://www.securityfocus.com/bid/21900

http://www.vupen.com/english/advisories/2007/0068

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31334

http://osvdb.org/36125

KEV Catalog EPSS Scores Vendors All CVEs