Cisco Patches ACS Server Vulnerability

Tuesday, September 3, 2013 @ 05:09 PM gHale


Cisco patched a vulnerability in Cisco Secure Access Control Server (ACS) that could allow a remote attacker to execute arbitrary commands and take complete control of the affected server.

“The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server,” Cisco said in its advisory.


The affected versions are Cisco Secure Access Control Server 4.0 through 4.2.1.15.

There are no known workarounds for this security hole. Users of affected ACS versions should install version 4.2.1.15.11, which addresses the vulnerability.

Before deploying the update, customers should check the software for feature set compatibility and known issues specific to their environments.


