The Hacker News Logo
Subscribe to Newsletter

CISCO vulnerability allows remote attacker to take control of Windows system

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system.
Cisco Secure ACS is an application that allows companies to centrally manage access to network resources for various types of devices and users. 

The reported flaw affects Cisco Secure ACS for Windows versions 4.0 through 4.2.1.15. Successful exploitation requires that Cisco Secure Access Control Server is configured as a RADIUS server EAP-FAST authentication.

The Cisco Security advisory said:
The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server,”

The newly patched vulnerability is identified as CVE-2013-3466 and received the maximum severity score, 10.0 in the Common Vulnerability Scoring System (CVSS).

Cisco has released free software updates that address the vulnerability described in this advisory. This vulnerability is first fixed in Cisco Secure ACS for Windows release 4.2.1.15.11.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.