{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Cisco Secure versions ACS 3.x ant\u00e9rieures \u00e0 la version 4.0.1.","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"VPN3000 Concentrator ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"VPN3000 Hardware Client 3.x ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Firewall Services Module (FWSM) 1.x ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco Firewall Services Module (FWSM) 2.x ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco versions Pix 6.x ant\u00e9rieures \u00e0 la version 6.3(5) ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"Cisco versions Pix 7.x ant\u00e9rieures \u00e0 la version 7.0(2) ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nLa vuln\u00e9rabilit\u00e9 pr\u00e9sente sur Cisco Secure ACS est due \u00e0 une erreur de\nconception dans le t\u00e9l\u00e9chargement des IP ACL.\n\nUn utilisateur mal intentionn\u00e9 peut, en utilisant le nom du fichier de\nt\u00e9l\u00e9chargement des IP ACL, s'authentifier au serveur d'authentification\n(RAS/NAS) et ainsi contourner la politique de s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[],"links":[{"title":"Information Cisco du 26 d\u00e9cembre 2006 :","url":"http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_fiel_notice09186a00805bf1c4.shtml"}],"reference":"CERTA-2006-AVI-004","revisions":[{"description":"version initiale.","revision_date":"2006-01-04T00:00:00.000000"}],"risks":[{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Cisco Secure ACS (Access Control Server)\npeut \u00eatre exploit\u00e9e par un utilisateur mal intentionn\u00e9 du r\u00e9seau local\npour contourner la politique de s\u00e9curit\u00e9 mise en place.\n","title":"Vuln\u00e9rabilit\u00e9 sur CISCO ACS","vendor_advisories":[{"published_at":null,"title":"Information CISCO du 26 d\u00e9cembre","url":null}]}