Core issue
Multiple vulnerabilities affect certain versions of the Cisco Secure Access Control Server (ACS). These vulnerabilities cause specific Cisco Secure Services to crash.
These vulnerabilities are documented in Cisco bug ID CSCsd96293.
Resolution
These are the vulnerabilities and their impact on the Cisco Secure ACS services:
Specially Crafted Hypertext Transfer Protocol (HTTP) GET Request Vulnerability—The CSAdmin service can crash if it processes a specially crafted HTTP GET request.
Specially Crafted Remote Authentication Dial-In User Service (RADIUS) Accounting-Request Vulnerability—The CSRadius service can crash if it processes a specially crafted RADIUS Accounting-Request packet.
Specially Crafted RADIUS Access-Request Vulnerabilities—The CSRadius service can crash if it processes a specially crafted RADIUS Access-Request packet.
As a workaround, complete one of these steps:
Upgrade to version 4.1(1) from Cisco Downloads.
Refer to Cisco Downloads and install the fix for versions 3.3 and earlier.