TCC_2
Level 10

Core issue

Multiple vulnerabilities affect certain versions of the Cisco Secure Access Control Server (ACS). These vulnerabilities cause specific Cisco Secure Services to crash.

These vulnerabilities are documented in Cisco bug ID CSCsd96293.

Resolution

These are the vulnerabilities and their impact on the Cisco Secure ACS services:

  • Specially Crafted Hypertext Transfer Protocol (HTTP) GET Request Vulnerability—The CSAdmin service can crash if it processes a specially crafted HTTP GET request.

  • Specially Crafted Remote Authentication Dial-In User Service (RADIUS) Accounting-Request Vulnerability—The CSRadius service can crash if it processes a specially crafted RADIUS Accounting-Request packet.

  • Specially Crafted RADIUS Access-Request Vulnerabilities—The CSRadius service can crash if it processes a specially crafted RADIUS Access-Request packet.

As a workaround, complete one of these steps:

  • Upgrade to version 4.1(1) from Cisco Downloads.

  • Refer to Cisco Downloads and install the fix for versions 3.3 and earlier.
