CVE-2004-1099

CVE Database · CVE-2004-1099

CVE-2004-1099

· N/AModified

CVSS v3.1

N/A

EPSS

10.20%

Published

Jan 10, 2005

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.

Affected Products (3)

cisco · secure_access_control_servervulnerable

cisco · secure_acs_solution_enginevulnerable

References (8)

http://www.ciac.org/ciac/bulletins/p-028.shtml

PatchVendor Advisory

http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml

Vendor Advisory

http://www.securityfocus.com/bid/11577

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17936

http://www.ciac.org/ciac/bulletins/p-028.shtml

PatchVendor Advisory

http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml

Vendor Advisory

http://www.securityfocus.com/bid/11577

KEV Catalog EPSS Scores Vendors All CVEs