Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Vulnerabilities in Cisco Secure Access Control System

cisco-sa-20140115-csacs · High · Published · Updated

Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities:

- Cisco Secure ACS RMI Privilege Escalation Vulnerability
- Cisco Secure ACS RMI Unauthenticated User Access Vulnerability
- Cisco Secure ACS Operating System Command Injection Vulnerability

Cisco Secure ACS uses the Remote Method Invocation (RMI) interface for internode communication using TCP ports 2020 and 2030.

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other.

Cisco has released software updates that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs

Network-based mitigations for the RMI-based vulnerabilities are outlined in the Cisco Applied Mitigation Bulletin:

Identifying and Mitigating the Multiple Vulnerabilities in Cisco Secure Access Control System
https://sec.cloudapps.cisco.com/security/center/viewAMBAlert.x?alertId=32120


Workarounds

There are no configuration workarounds available for these vulnerabilities.

Network-based mitigations for the RMI-based vulnerabilities are outlined in the Cisco Applied Mitigation Bulletin:

Identifying and Mitigating the Multiple Vulnerabilities in Cisco Secure Access Control System
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32120

CVEs: CVE-2014-0648, CVE-2014-0649, CVE-2014-0650
Cisco Bug IDs: CSCud75180, CSCud75187, CSCue65962
CVSS Score: Base 8.5
Base 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
Base 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Secure Access Control System (ACS)

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Secure Access Control System (ACS) | CVE-2014-0650 | Cisco OpenVuln |
| Cisco Secure Access Control System (ACS) | CVE-2014-0649 | Cisco OpenVuln |
| Cisco Secure Access Control System (ACS) | CVE-2014-0648 | Cisco OpenVuln |