cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
769
Views
0
Helpful
2
Replies

ACS SE 4.2 underlying windows vulnerbilites

matthew.nicole
Level 1
Level 1

Hi,

A client of ours identified the following vulnerabilities in the Windows component of their ACS SE 4.2 1113 appliance:

Microsoft Windows Server Service Could Allow Remote Code Execution

(MS08-067)

CVE-2008-4250

QID:

90464

Category:

Windows

CVE ID:

CVE-2008-4250

Vendor Reference

MS08-067

Bugtraq ID:

31874

Detected through MSRPC Interface

Microsoft SMB Remote Code Execution Vulnerability (MS09-001)

QID:

90477

Category:

Windows

CVE ID:

CVE-2008-4834 CVE-2008-4835 CVE-2008-4114

Vendor Reference

MS09-001

Bugtraq ID:

-

Are these legitimate security concerns or are they not relevant to Cisco's implementation of the Windows component of the ACS appliance?

Or do I have to raise a TAC for further information?

2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

Hi it would be best to raise a tac case for this, I know that the acs solution engine comes with a built in CSA agent which is basically like a firewall and allows radius and tacacs communication through so I dont think it is succeptable to most of the windows flaws. With that said some of the patches do contain certian windows fixes but TAC will have to point you in the right direction as to what those fixes are.

Thanks,

Tarik Admani
*Please rate helpful posts*

Amjad Abdullah
VIP Alumni
VIP Alumni

I would agree with Tarik that Cisco TAC is the best party that you can contct.

But you can always make sure you are on the latest patch before contacting them.

I would say that if this problem is reported by a security audit then we are sure this vulnerability is exist with the ACS.

If you are copying this from somewhere then it is still probable if it is hitting the box.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: