SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Security)  >   Cisco Secure Access Control System Vendors:   Cisco
Cisco Secure Access Control Server Lets Remote Users Access the Administrative Interface or Deny Service
SecurityTracker Alert ID:  1011065
SecurityTracker URL:  http://securitytracker.com/id/1011065
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 25 2004
Impact:   Denial of service via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.2 i, 3.2(2) build 15, and 3.2(3)
Description:   Several vulnerabilities were reported in the Cisco Secure Access Control Server for Windows and the Cisco Secure Access Control Server Solution Engine. A remote user can cause denial of service conditions. A remote user can hijack an administrative session.

The vendor reported that a remote user can flood the CSAdmin web-based management interface (tcp/2002) with TCP connections to cause the ACS Windows and ACS Solution Engine to stop responding to new connections on that port. The processing of authentication-related requests may also become unstable and stop responding. A reboot is required to restore the system to normal operation. Cisco has assigned Bug IDs CSCeb60017 and CSCec66913 to this vulnerability.

When Cisco Secure ACS is configured to accept Light Extensible Authentication Protocol (LEAP) RADIUS Proxy authentication, the device may crash when processing LEAP authentication requests. A reboot is required. Cisco has assigned Bug ID CSCec90317 to this vulnerability.

A remote user can authenticate to the system with a blank password if Cisco Secure ACS is using anonymous bind on a Novell Directory Services (NDS) server. Cisco has assigned Bug ID CSCed81716 to this vulnerability.

A remote user can spoof the IP address of an authenticated administrative user (one that is using the administrative interface on tcp/2002) and connect to a random port used by the administrative interface to gain access to that interface without having to authenticate. Cisco has assigned Bug ID CSCef05950 to this vulnerability.

Cisco Secure ACS for UNIX is not affected.
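The blank-password item above (CSCed81716) is an instance of a general directory-authentication flaw: a directory that permits anonymous bind treats a bind with an empty password as anonymous and reports success, so an authenticator that forwards client credentials unchecked accepts any username with a blank password. The following is an added illustration, not code from the advisory or from Cisco; `FakeDirectory`, the `o=example` naming context and the sample user are constructed stand-ins.

```python
# Added example: models the anonymous-bind blank-password flaw and two
# mitigations (reject empty credentials before binding; disable anonymous
# bind on the directory). Not Cisco's code; directory is a constructed stub.

class FakeDirectory:
    """Constructed stand-in for an LDAP/NDS server."""
    def __init__(self, users, allow_anonymous_bind=True):
        self.users = users                       # {dn: password}
        self.allow_anonymous_bind = allow_anonymous_bind

    def bind(self, dn, password):
        # An empty password is interpreted as an anonymous (unauthenticated)
        # bind: the DN is not checked at all, only whether anonymous is allowed.
        if password == "":
            return self.allow_anonymous_bind
        return self.users.get(dn) == password


def authenticate_vulnerable(directory, username, password):
    """Forwards whatever the client sent; a blank password becomes an
    anonymous bind whose success is mistaken for a verified identity."""
    return directory.bind(f"cn={username},o=example", password)


def authenticate_hardened(directory, username, password):
    """Refuses empty credentials before any bind is attempted, so an
    anonymous-bind 'success' can never be returned as an authentication."""
    if not username or not password:
        return False
    return directory.bind(f"cn={username},o=example", password)


def demo():
    """Exercise both authenticators against a directory with and without
    anonymous bind; returns the outcomes for inspection."""
    anon = FakeDirectory({"cn=alice,o=example": "s3cret"})
    no_anon = FakeDirectory({"cn=alice,o=example": "s3cret"},
                            allow_anonymous_bind=False)
    return {
        "vuln_blank_anon": authenticate_vulnerable(anon, "alice", ""),
        "vuln_blank_no_anon": authenticate_vulnerable(no_anon, "alice", ""),
        "hard_blank_anon": authenticate_hardened(anon, "alice", ""),
        "hard_good": authenticate_hardened(anon, "alice", "s3cret"),
        "hard_wrong": authenticate_hardened(anon, "alice", "nope"),
        "hard_unknown": authenticate_hardened(anon, "bob", "s3cret"),
    }
```

Either mitigation alone closes the hole; applying both means a directory reconfiguration cannot silently reopen it.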

Impact:   A remote user can cause the system to crash.

A remote user can deny service to the administrative interface.

A remote user can authenticate to the system with a blank password in certain cases.

A remote user can hijack an administrative session.

Solution:   Cisco has released the following fixed versions for ACS Windows and ACS Solution Engine:

003.002(002.020)
003.002(002.005)

Cisco has released the following fixed version for ACS Solution Engine:

003.002(003.011)

See the Cisco advisory for a patch matrix, available at:

http://www.cisco.com/en/US/products/products_security_advisory09186a00802a9d51.shtml

Vendor URL:  www.cisco.com/en/US/products/products_security_advisory09186a00802a9d51.shtml
Cause:   Authentication error, Exception handling error, Resource error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Copyright 2022, SecurityGlobal.net LLC