what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

CiscoACSvuln.txt

CiscoACSvuln.txt
Posted Jun 27, 2006
Authored by Darren Bounds

A vulnerability has been identified in the Cisco Secure ACS session management architecture which could be exploited by an attacker to obtain full administrative access to the web interface and thus all managed assets (routers, switches, 802.1x authenticated networks, etc). Cisco Secure ACS 4.x for Windows is affected. Legacy versions may also be affected.

tags | advisory, web
systems | cisco, windows
SHA-256 | fbf80693021296569355b9ad54cadd3aa96fd503cd199519dd68a9b42c2c781e

CiscoACSvuln.txt

Change Mirror Download
Cisco Secure ACS Weak Session Management Vulnerability
June 23, 2006

Product Overview:
Cisco Secure Access Control Server (ACS) provides a centralized
identity networking solution and simplified user management experience
across all Cisco devices and security management applications.

Cisco Secure ACS is a major component of Cisco trust and identity
networking security solutions. It extends access security by combining
authentication, user and administrator access, and policy control from
a centralized identity networking framework, thereby allowing greater
flexibility and mobility, increased security, and user productivity
gains.

Vulnerability Details:
A vulnerability has been identified in the Cisco Secure ACS session
management architecture which could be exploited by an attacker to
obtain full administrative access to the web interface and thus all
managed assets (routers, switches, 802.1x authenticated networks,
etc).

By default, the Cisco Secure ACS web administration login page runs on
TCP port 2002. Upon successful authentication, the client is then
redirected to a dynamicand unique HTTP server port between 1024 and
65535. Once authenticated, ACS relies solely upon the port and the
client IP address to validate the session.

Clearly one can think of many somewhat trivial techniques for
acquiring the necessary IP address or senarios where the attacker may
already share the same source IP as the administrator (proxies, NATing
devices). Now it's merely a matter of identifying the port allocated
for the administrative interface. This is easily accomplished as ACS
follows a simple incrementation process for port allocation.

Affected Versions:
Cisco Secure ACS 4.x for Windows
Legacy versions may also be affected.

Workarounds:
Configure ACLs within Cisco Secure ACS to restrict access to the web
interface from only 'secure' network address space.

Cisco has confirmed this vulnerability and is working on a patch.

References:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html


--

Thank you,
Darren Bounds
Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close