A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is configured as a RADIUS server.

The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server. Commands are executed in the context of the System user for Cisco Secure ACS authentication service running on Microsoft Windows.

Cisco Secure ACS uses the standard RADIUS UDP port 1812 or 1645 for EAP-FAST authentication.

This vulnerability has been documented in Cisco bug ID CSCui57636 (registered customers only) for the Cisco Secure ACS and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2013-3466.
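For monitoring the RADIUS traffic the advisory describes, the following added example (not part of Cisco's advisory) parses a UDP datagram as RADIUS and flags Access-Requests carrying an EAP identity or EAP-FAST response that arrive on port 1812 or 1645 from a source outside a known list of network access servers. The allow-list, the function names, the result labels and the sample addresses are assumptions; the code does not inspect the identity itself, since the advisory does not describe the malformed input.

```python
import struct

RADIUS_PORTS = {1812, 1645}           # UDP ports named in the advisory
ACCESS_REQUEST = 1                    # RADIUS packet code (RFC 2865)
ATTR_EAP_MESSAGE = 79                 # RADIUS attribute (RFC 3579)
EAP_RESPONSE = 2                      # EAP code (RFC 3748)
EAP_IDENTITY, EAP_FAST = 1, 43        # EAP types (RFC 3748, RFC 4851)

def parse_radius(data):
    """Return (code, [(attr_type, value), ...]); ValueError if malformed."""
    if len(data) < 20:
        raise ValueError("short RADIUS header")
    code, _ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad RADIUS length")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[off], data[off + 1]
        if a_len < 2 or off + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, data[off + 2:off + a_len]))
        off += a_len
    return code, attrs

def triage(src_ip, dst_port, data, allowed_nas):
    """Classify one UDP datagram addressed to the ACS host (labels are assumptions)."""
    if dst_port not in RADIUS_PORTS:
        return "ignore"
    try:
        code, attrs = parse_radius(data)
    except ValueError:
        return "alert-malformed"
    # An EAP packet may be split across several EAP-Message attributes.
    eap = b"".join(v for t, v in attrs if t == ATTR_EAP_MESSAGE)
    if code != ACCESS_REQUEST or len(eap) < 5 or eap[0] != EAP_RESPONSE:
        return "ignore"
    if eap[4] not in (EAP_IDENTITY, EAP_FAST):
        return "ignore"
    return "log" if src_ip in allowed_nas else "alert-unknown-source"

def sample_request(eap_type, payload=b"user@example.test"):
    """Constructed Access-Request with one EAP-Message attribute."""
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, 5 + len(payload), eap_type) + payload
    attr = bytes([ATTR_EAP_MESSAGE, 2 + len(eap)]) + eap
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attr)) + bytes(16) + attr
```

Requests relayed by a legitimate network access server return `log` rather than an alert, so the result complements, and does not replace, upgrading the affected ACS versions.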