Cisco has a patch to fix a security flaw that could allow an attacker to bypass password protections in its Access Control System (ACS) platform.
The update would install a revision to the ACS platform, specifically the handling of the Tacas+ security protocol, company officials said.
Cisco said the flaw would potentially allow an attacker to use a specific set of characters in combination with a valid account name to cause a crash which lets the attacker bypass the authentication process and access the target system.
The company said while an attacker would need a valid user name, the technique could work on any system with the vulnerable component.
Cisco is making the patch available as a free update. There is a sense of urgency as the company and third-party security researchers are advising administrators to install the fix as soon as possible.
“Exploitation is likely very easy,” said Sans researcher Mark Baggett. “If you are using Cisco ACS for authentication you should probably take note of this announcement.”