The Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application suffers from buffer overflow and cross site scripting vulnerabilities. Details provided.
a242258bd4975d682d6d762fee35ed4b8fd3212690cec9f6401fbc5d74109bb6
Cisco Security Advisory - Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application. The first set of vulnerabilities address several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed. The second set of vulnerabilities address cross-site scripting in the UCP application pages.
f88707ab17b43b63e07bb9e4fd28777a8d510ea5523d765ef65f2564020d2700