Cisco Secure Access Control System (ACS) Multiple Security Vulnerabilities
BID:53436
Info
| Bugtraq ID: | 53436 |
| Class: | Unknown |
| CVE: | CVE-2011-3293, CVE-2011-3317 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2012 12:00AM |
| Updated: | May 09 2012 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Cisco Secure Access Control System (ACS) is prone to multiple unspecified cross-site scripting vulnerabilities, multiple unspecified cross-site request-forgery vulnerabilities, an unspecified SQL-injection vulnerability, and an unspecified security vulnerability.
Exploiting these issues could allow an attacker to execute arbitrary code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database in the context of the server process.
Versions prior to Cisco Secure Access Control System 5.2.0.26 patch 9 are vulnerable.
Exploit / POC
An attacker can exploit some of these issues with a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.