A critical vulnerability has been discovered in Cisco Secure ACS which allows a remote attacker to gain complete control of a vulnerable device.
The successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to execute arbitrary commands and take full control of the operating system that hosts the Cisco Secure Access Control Server application in the context of the System user for Cisco Secure ACS running on Microsoft Windows. The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication.
This is a very critical issue because the attacker doesn’t need any form of authentication as per the release. Cisco also scores this vulnerability of CVSS score of 10 which no fix at this point in time. As per Cisco, this was reported by Brad Antoniewicz from McAfee & Found stone Professional Services.
CSCui57636 – Cisco Secure Access Control Server Remote Command Execution Vulnerability Calculate the environmental score of CSCui57636 |
||||||
CVSS Base Score – 10.0 | ||||||
Access Vector | Access Complexity | Authentication | Confidentiality Impact | Integrity Impact | Availability Impact | |
Network | Low | None | Complete | Complete | Complete | |
CVSS Temporal Score – 8.3 | ||||||
Exploitability | Remediation Level | Report Confidence | ||||
Functional | Official-Fix | Confirmed |
From : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs