Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities

cisco-sa-20080312-ucp · Medium · Published · Updated

Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application and reported to Cisco by Felix 'FX' Lindner, Recurity Labs GmbH. The first set consists of several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed. The second set consists of cross-site scripting vulnerabilities in the UCP application pages. Both sets could be exploited remotely and do not require valid user credentials. Cisco has released a free software update for UCP that addresses these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080312-ucp.


Workarounds

No workaround information imported yet.

CVEs: CVE-2008-0532, CVE-2008-0533
Cisco Bug IDs: NA
CVSS Score: Base 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Secure Access Control Server (ACS) for Windows, Cisco User-Changeable Password Utility (UCP)

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco User-Changeable Password Utility (UCP) | CVE-2008-0533 | Cisco OpenVuln |
| Cisco User-Changeable Password Utility (UCP) | CVE-2008-0532 | Cisco OpenVuln |
| Cisco Secure Access Control Server (ACS) for Windows | CVE-2008-0533 | Cisco OpenVuln |
| Cisco Secure Access Control Server (ACS) for Windows | CVE-2008-0532 | Cisco OpenVuln |