The Hacker News

on Friday, 30 August 2013
 

 

The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers // via fulltextrssfeed.com

CISCO vulnerability allows remote attacker to take control of Windows system
8/30/2013 5:30:00 PM

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system.

Cisco Secure ACS is an application that allows companies to centrally manage access to network resources for various types of devices and users. 

The reported flaw affects Cisco Secure ACS for Windows versions 4.0 through 4.2.1.15. Successful exploitation requires that Cisco Secure Access Control Server is configured as a RADIUS server EAP-FAST authentication.

The Cisco Security advisory said:

"The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server,"

The newly patched vulnerability is identified as CVE-2013-3466 and received the maximum severity score, 10.0 in the Common Vulnerability Scoring System (CVSS).

Cisco has released free software updates that address the vulnerability described in this advisory. This vulnerability is first fixed in Cisco Secure ACS for Windows release 4.2.1.15.11.

Latest Hacking News Updates

Author details

photo of Mohit Kumar

aka 'Unix Root' is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this : He is an Internet Activist, Strong supporter of Anonymous & Wikileaks. Follow him @ Twitter | LinkedIn | | | Facebook Profile

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)