Cisco Security Advisory: Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router. This advisory documents multiple Denial of Service (DoS) and authentication related vulnerabilities for the ACS Windows and the ACS Solution Engine servers.
6d030f78d216fb45b19f09f3821fa9cf7f724e6ed2a399b433e61b09fafd0dcc
<html>
<head>
<META NAME="Repository" CONTENT="CCEWP">
<META NAME="author" CONTENT="ewpadmin">
<META NAME="SearchPublicationDate" CONTENT="Wed, 25 Aug 2004 15:51:29 GMT">
<META NAME="FileOwner" CONTENT="ewpadmin">
<META NAME="FileName" CONTENT="cisco-sa-20040825-acs.shtml">
<META NAME="Folder" CONTENT="/warp/public/707">
<META NAME="Object_ID" CONTENT="14810769">
<META NAME="Chronicle ID" CONTENT="14810723">
<META NAME="Revision" CONTENT="/main/CCO-NEW/2">
<META NAME="CCOCategoryType" CONTENT="">
<META NAME="PubDate" CONTENT="Wed, 25 Aug 2004 16:35:57 GMT">
<META NAME="PushDate" CONTENT="Wed, 25 Aug 2004 16:36:24 GMT">
<META NAME="ParentTree" CONTENT="/warp/public/707">
<META NAME="Parents" CONTENT="/warp/public/707">
<META NAME="EncodeDesc" CONTENT="">
<META NAME="Language" CONTENT="">
<META NAME="country" CONTENT="">
<META NAME="language" CONTENT="">
<META NAME="date" CONTENT="Wed Aug 25 09:36:38 PDT 2004">
<META NAME="audience" CONTENT="support">
<META NAME="contributors" CONTENT="ovanjara">
<META NAME="coverage" CONTENT="US">
<META NAME="creator" CONTENT="hingst">
<META NAME="date.created" CONTENT="08-24-2004">
<META NAME="date.expires" CONTENT="01-01-2037">
<META NAME="date.modified" CONTENT="08-25-2004">
<META NAME="identifier" CONTENT="http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml">
<META NAME="maintainers" CONTENT="psirt">
<META NAME="reviewers" CONTENT="">
<META NAME="publishers" CONTENT="hingst">
<META NAME="security" CONTENT="External">
<META NAME="size" CONTENT="25348">
<META NAME="subject.primary" CONTENT="Products">
<META NAME="title" CONTENT="Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server">
<META NAME="type.information" CONTENT="Product Security Advisory">
<META NAME="type.problem" CONTENT="Performance">
<META NAME="roadMap" CONTENT="">
<META NAME="document.id" CONTENT="61603">
<title>Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server</TITLE>
<!-- source by ovanjara-->
<!--posted to
CCO by hingst on 08/25/2004-->
</HEAD>
<body bgcolor="#FFFFFF">
<br />
<h1>Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server</H1><H3>Document ID: 61603</H3>
<h2>Revision 1.1</H2>
<h3>
<a href="#revision">Last Updated</A> 2004 August 25 1630 UTC
(GMT)</H3>
<h3>For Public Release 2004 August 25 1600 UTC (GMT)</H3>
<hr />
<h3>Please provide your <a href="#feedback">feedback</A> on this document.</H3>
<hr />
<h2>Contents</H2>
<blockquote>
<b>
<a href="#summary">Summary</A>
</B>
<br />
<b>
<a href="#affected">Affected Products</A>
</B>
<br />
<b>
<a href="#details">Details</A>
</B>
<br />
<b>
<a href="#impact">Impact</A>
</B>
<br />
<b>
<a href="#software">Software Versions and Fixes</A>
</B>
<br />
<b>
<a href="#fixes">Obtaining Fixed Software</A>
</B>
<br />
<b>
<a href="#workarounds">Workarounds</A>
</B>
<br />
<b>
<a href="#exploitation">Exploitation and Public Announcements</A>
</B>
<br />
<b>
<a href="#status">Status of This Notice: FINAL</A>
</B>
<br />
<b>
<a href="#distribution">Distribution</A>
</B>
<br />
<b>
<a href="#revision">Revision History</A>
</B>
<br />
<b>
<a href="#secpro">Cisco Security Procedures</A>
</B>
<br />
</BLOCKQUOTE>
<hr />
<h2>
<a name="summary">Summary</A>
</H2>
<p>Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco
Secure Access Control Server Solution Engine (ACS Solution Engine) provide
authentication, authorization, and accounting (AAA) services to network devices
such as a network access server, Cisco PIX and a router. This advisory
documents multiple Denial of Service (DoS) and authentication related
vulnerabilities for the ACS Windows and the ACS Solution Engine servers.</P>
<p>The vulnerabilities are documented as these Cisco bug IDs:</P>
<ul>
<li>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb60017">CSCeb60017</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
<br />
</LI>
<li>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec66913">CSCec66913</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
<br />
</LI>
<li>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec90317">CSCec90317</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
<br />
</LI>
<li>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed81716">CSCed81716</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
<br />
</LI>
<li>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef05950">CSCef05950</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
<br />
</LI>
</UL>
<p>This advisory will be posted at
<a href="http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml">http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml</A>.</P>
<h2>
<a name="affected">Affected Products</A>
</H2>
<h3>
<a name="vps"> Vulnerable Products </A>
</H3> <ul>
<li>
Versions 3.2(3) and earlier are vulnerable to
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef05950">CSCef05950</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
and
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed81716">CSCed81716</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
.<br />
</LI>
<li>
Version 3.2(2) build 15 is vulnerable to
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb60017">CSCeb60017</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
.<br />
</LI>
<li>
Version 3.2 is vulnerable to
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec90317">CSCec90317</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
and
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec66913">CSCec66913</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
.<br />
</LI>
<li> </LI>
</UL>
<p>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed81716">CSCed81716</A>
is only applicable to the ACS Solution Engine.</P>
<p> Successfully authenticate to your ACS box to determine your software
revision. After you perform the authentication, the first screen displays the
current ACS version in this format—<tt>CiscoSecure ACS Release
3.2(3) Build 11</TT>.</P>
<p>ACS versions may also be displayed as 003.002(003.011), where "011" is
the build number referenced on the ACS graphical user interface (GUI).</P>
<h3>
<a name="nonvulnerable">Products Confirmed Not Vulnerable</A>
</H3>
<p>Cisco Secure ACS for UNIX is not affected by these vulnerabilities. No
other Cisco products are currently known to be affected by these
vulnerabilities.</P>
<h2>
<a name="details">Details</A>
</H2>
<p>The Cisco Secure ACS products provide a centralized identity networking
solution and simplified user management experience across all Cisco devices and
security management applications. The products help to ensure enforcement of
assigned policies—they allow network administrators to control who can log into
the network, per user privileges in the network, security auditing and billing
information, and command level access controls.</P> <ul>
<li>
<b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb60017">CSCeb60017</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B> and <b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec66913">CSCec66913</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B> -- Cisco Secure ACS provides a
Web-based management interface, termed CSAdmin, which listens on TCP port 2002.
When flooded with TCP connections the ACS Windows and ACS Solution Engine stops
responding to any new TCP connections destined for port 2002. Additionally,
services on the ACS that process authentication related requests may become
unstable and stop responding, which hampers the ability for ACS to process any
authentication related requests. A reboot of the device is required to restore
these services.<br /> </LI>
<li>
<b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec90317">CSCec90317</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B> -- Cisco Secure ACS, when
configured for Light Extensible Authentication Protocol (LEAP) RADIUS Proxy,
forwards LEAP authentication requests to a secondary RADIUS server. The ACS
device with LEAP RADIUS proxy configured may crash when LEAP authentication
requests are being processed. A reboot is required to bring the device back to
an operational state.<br /> </LI>
<li>
<b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed81716">CSCed81716</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B> -- Cisco Secure ACS can
communicate with external databases and authenticate users against those
databases. One of the external databases that ACS supports is Novell Directory
Services (NDS). If an anonymous bind in NDS is allowed, and if the ACS Solution
Engine is authenticating NDS users with NDS as the external database and not
Generic LDAP, then users are able to authenticate with blank passwords against
that NDS database. However, wrong passwords and incorrect usernames are
properly rejected.<br /> </LI>
<li>
<b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef05950">CSCef05950</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B> -- Once a user successfully
authenticates to the ACS GUI on TCP port 2002, a separate TCP connection is
created between the browser and ACS administration Web service, with a random
destination port. If an attacker spoofs the IP address of the user computer,
and accesses the ACS GUI on this random port, then the attacker may be able to
connect to the ACS GUI, bypassing authentication. Authentication to the ACS
server may also be bypassed if the attacker is behind the same PAT device as
that of the ACS user and accesses the ACS GUI on this random
port.<br />
</LI>
</UL>
<h2>
<a name="impact">Impact</A>
</H2>
<ul>
<li>
<b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb60017">CSCeb60017</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B>, <b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec66913">CSCec66913</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B>, and <b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec90317">CSCec90317</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B> -- These vulnerabilities may
cause a crash impacting the availability of services on the ACS devices. Until
the device is rebooted a DoS is the result.<br /> </LI>
<li>
<b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed81716">CSCed81716</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B> -- This vulnerability may allow
unauthorized users to access AAA clients without an effective password (using
blank passwords) if the bind to the NDS database is anonymous.<br />
</LI>
<li>
<b>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef05950">CSCef05950</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</B> -- This vulnerability may allow
unauthenticated users to gain access to the ACS Administration GUI.<br />
</LI>
</UL>
<h2>
<a name="software">Software Versions and Fixes</A>
</H2>
<table bgcolor="#FFFFFF" cellpadding="3" cellspacing="1" border="1" width="60%">
<tr>
<th height="" width="" bgcolor="CCCCFF" colspan="1" rowspan="1">
<p>DDTs Bug ID</P>
</TH>
<th height="" width="" bgcolor="CCCCFF" colspan="1" rowspan="1">
<p>Fixed Versions </P>
</TH>
<th height="" width="" bgcolor="CCCCFF" colspan="1" rowspan="1">
<p>Platform </P>
</TH>
</TR>
<tr>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb60017">CSCeb60017</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>003.002(002.020) or later</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>ACS Windows and ACS Solution Engine</P>
</TD>
</TR>
<tr>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec66913">CSCec66913</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>003.002(002.020) or later</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>ACS Windows and ACS Solution Engine</P>
</TD>
</TR>
<tr>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec90317">CSCec90317</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>003.002(002.005) or later</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>ACS Windows and ACS Solution Engine</P>
</TD>
</TR>
<tr>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed81716">CSCed81716</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>003.002(003.011) or later</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>ACS Solution Engine only</P>
</TD>
</TR>
<tr>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef05950">CSCef05950</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>There are patches available to address this vulnerability. See
the <a href="#withservice">Customers with Service Contracts</A>
section below for details on the location of these patches.</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>ACS Windows and ACS Solution Engine</P>
</TD>
</TR>
</TABLE>
<p />
<p>Upgrade procedures can be found as indicated: </P> <ul>
<li>
ACS Windows 3.3:
<a href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_installation_guide09186a0080238b18.html#wp998991">http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_installation_guide09186a0080238b18.html#wp998991</A>
<br />
</LI>
<li>
ACS Windows 3.2:
<a href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_installation_guide09186a0080184928.html#wp9472">http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_installation_guide09186a0080184928.html#wp9472</A>
<br />
</LI>
<li>
ACS Solution Engine:
<a href="http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080204d45.html#wp911224">http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080204d45.html#wp911224</A>
<br />
</LI>
</UL>
<h2>
<a name="fixes">Obtaining Fixed Software</A>
</H2>
<h3>
<a name="withservice">Customers with Service Contracts</A>
</H3>
<p>Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades should be
obtained through the Cisco Product Upgrade Tool at:
<a href="http://www.cisco.com/upgrade">http://www.cisco.com/upgrade</A>.
</P>
<p>Alternatively, Cisco Technical Assistance Center (TAC) can be contacted
to get code upgrades for
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb60017">CSCeb60017</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
,
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec66913">CSCec66913</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
,
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec90317">CSCec90317</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
, and
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed81716">CSCed81716</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
. TAC contacts are:</P> <ul>
<li>
+1 800 553 2447 (toll free from within North America) <br />
</LI>
<li>
+1 408 526 7209 (toll call from anywhere in the world) <br />
</LI>
<li>
e-mail: <a href="mailto:tac@cisco.com">tac@cisco.com</A> <br />
</LI> </UL>
<p>To address
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef05950">CSCef05950</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
, download the patch for your respective
versions from: </P>
<p>Public Location:</P>
<p>ACS Windows:
<a href="http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win">http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win</A>
</P>
<p>Registered Users:</P>
<p>ACS Windows:
<a href="http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win?psrtdcat20e2">http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win?psrtdcat20e2</A>
</P>
<p>ACS Solution Engine:
<a href="http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des?psrtdcat20e2">http://www.cisco.com/pcgi-bin/tablebuild.pl/acs-soleng-3des?psrtdcat20e2</A>
</P>
<h3>
<a name="thirdparty">Customers using Third-party Support Organizations </A>
</H3>
<p>Customers whose Cisco products are provided or maintained through prior
or existing agreement with third-party support organizations such as Cisco
Partners, authorized resellers, or service providers should contact that
support organization for assistance with the upgrade, which should be free of
charge.</P>
<h3>
<a name="without">Customers without Service Contracts </A>
</H3>
<p> Customers who purchase direct from Cisco but who do not hold a Cisco
service contract and customers who purchase through third-party vendors but are
unsuccessful at obtaining fixed software through their point of sale should get
their upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC
contacts are as follows. </P>
<ul>
<li>
+1 800 553 2447 (toll free from within North America)
<br />
</LI>
<li>
+1 408 526 7209 (toll call from anywhere in the world)
<br />
</LI>
<li>
e-mail: <a href="mailto:tac@cisco.com">tac@cisco.com</A>
<br />
</LI>
</UL>
<p>Please have your product serial number available and give the URL of
this notice as evidence of your entitlement to a free upgrade. Free upgrades
for non-contract customers must be requested through the TAC. </P>
<p>Please do not contact either "psirt@cisco.com" or
"security-alert@cisco.com" for software upgrades. </P>
<h2>
<a name="workarounds">Workarounds</A>
</H2>
<ul>
<li>
Configure an IP address filter on ACS Windows and ACS Solution Engine
to limit the exposure of these vulnerabilities. From within the ACS GUI, browse
to <b>Administration Control</B> > <b>Access Policy</B>
to limit access to only the machines that need to administer the ACS
remotely.<br />
</LI>
<li>
Apply access control lists (ACLs) on routers, switches and firewalls
that filter traffic to the ACS so that traffic is only allowed from stations
that need to remotely administer the box. Refer to
<a href="http://www.cisco.com/warp/public/707/tacl.html">http://www.cisco.com/warp/public/707/tacl.html</A>
for examples on how to apply ACLs on Cisco routers.<br />
</LI>
<li>
As a best practice, use HTTPS to limit access to the Cisco ACS GUI.
Issues detailed in
<a href="http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef05950">CSCef05950</A>
(<font size="-1">
<a href="http://tools.cisco.com/RPF/register/register.do">registered</A> customers only</FONT>)
still exist when you use HTTP instead of
HTTPS to access the Cisco ACS GUI. <br />
</LI>
</UL>
<p>Refer to
<a href="http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/a.htm#wp89030">http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/a.htm#wp89030</A>
for information on how to set up an access policy on the Cisco ACS.</P>
<h2>
<a name="exploitation">Exploitation and Public Announcements</A>
</H2>
<p>The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory. </P>
<h2>
<a name="status">Status of This Notice: FINAL</A>
</H2>
<Concept>
<Para>THIS ADVISORY IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY. YOUR USE OF THE INFORMATION ON THE ADVISORY OR MATERIALS LINKED FROM THE ADVISORY IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS NOTICE AT ANY TIME.</PARA>
</CONCEPT> <h2>
<a name="distribution">Distribution</A>
</H2>
<p>This advisory will be posted on Cisco's worldwide website at
<a href="http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml">http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml</A>.</P>
<p>In addition to worldwide web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail
and Usenet news recipients.</P>
<ul>
<li>
cust-security-announce@cisco.com<br />
</LI>
<li>
first-teams@first.org (includes CERT/CC)<br />
</LI>
<li>
bugtraq@securityfocus.com<br />
</LI>
<li>
vulnwatch@vulnwatch.org<br />
</LI>
<li>
cisco@spot.colorado.edu<br />
</LI>
<li>
cisco-nsp@puck.nether.net<br />
</LI>
<li>
full-disclosure@lists.netsys.com<br />
</LI>
<li>
comp.dcom.sys.cisco@newsgate.cisco.com<br />
</LI>
</UL>
<p>Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the
above URL for any updates. </P>
<h2>
<a name="revision">Revision History</A>
</H2>
<table bgcolor="#FFFFFF" cellpadding="3" cellspacing="1" border="1" width="60%">
<tr>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>Revision 1.1</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>2004-August-25</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>Changed URLs in the Obtaining Fixed Software
section.</P>
</TD>
</TR>
<tr>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>Revision 1.0</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>2004-August-25</P>
</TD>
<td height="" width="" bgcolor="FFFFFF" colspan="1" rowspan="1">
<p>Initial public release.</P>
</TD>
</TR>
</TABLE>
<p />
<h2>
<a name="secpro">Cisco Security Procedures</A>
</H2>
<p>Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering to
receive security information from Cisco, is available on Cisco's worldwide
website at
<a href="http://www.cisco.com/warp/public/707/sec_incident_response.shtml">http://www.cisco.com/warp/public/707/sec_incident_response.shtml</A>.
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
<a href="http://www.cisco.com/go/psirt">http://www.cisco.com/go/psirt</A>.
</P>
<p />
<hr />
<p />
</BODY>
</HTML>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed