ID: IRCNE2014012073
Date: 2013-01-18
According to "computerworld", Cisco Systems has released software updates for its Cisco Secure Access Control System (ACS) in order to patch three vulnerabilities that could give remote attackers administrative access to the platform and allow them to execute OS-level commands without authorization.
Cisco ACS is a server appliance that enforces access control policies for both wireless and wired network clients. It's managed through a Web-based user interface and supports the RADIUS (Remote Access Dial In User Service) and TACACS+ (Terminal Access Controller Access-Control System Plus) protocols.
Versions of the Cisco Secure ACS software older than 5.5 contain two vulnerabilities in the RMI (Remote Method Invocation) interface that's used for communication between different ACS deployments and listens on TCP ports 2020 and 2030.
There are no configuration workarounds available to mitigate these vulnerabilities, so updating the software to the new versions released by Cisco is recommended.
Related Link:
Backdoor exposed in Cisco small business devices
- 3