Cisco patched the vulnerability in Cisco Secure Access Control Server (ACS) that a remote attacker could end up executing arbitrary commands and take complete control of the affected server.

“The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server,” Cisco said in its advisory.

Cisco ACS Server Vulnerability
Cisco Patches Vulnerabilities in UCM
Bugs in Cisco TelePresence Systems
Cisco Patches Security Holes

The affected versions are Cisco Secure Access Control Server 4.0 through

There are no known workarounds for this security hole. Users of affected ACS versions should install version, which addresses the vulnerability.

Schneider Bold

Before deploying the update, customers should check the software for feature set compatibility and known issues specific to their environments.

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest

Share This