You are here
Home > Preporuke > Ranjivost Cisco Secure Access Control System uređaja

Ranjivost Cisco Secure Access Control System uređaja

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control System

Advisory ID: cisco-sa-20140115-csacs

Revision 1.0

For Public Release 2014 January 15 12:00 UTC (GMT)

+———————————————————————

Summary
=======

Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities:

Cisco Secure ACS RMI Privilege Escalation Vulernability
Cisco Secure ACS RMI Unauthenticated User Access Vulnerability
Cisco Secure ACS Operating System Command Injection Vulnerability

Cisco Secure ACS uses the Remote Method Invocation (RMI) interface for internode communication using TCP ports 2020 and 2030.

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other.

Cisco has released free software updates that address these vulnerabilities. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs

Network-based mitigations for the RMI-based vulnerabilities are outlined in the Cisco Applied Mitigation Bulletin: Identifying and Mitigating the Multiple Vulnerabilities in Cisco Secure Access Control System
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32120

—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)

iF4EAREKAAYFAlLWjpIACgkQUddfH3/BbTosbAD/VuzxU5TkUyAhJLycJHyypiRg
fZpaJ6IZvX+mjLRTidMA/iYaghbeg9GGU1a9FlRZt+WC/BNaodIGGU35zzlM+Ztb
=ffTY
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Top
More in Preporuke
Sigurnosni propust programskog paketa djvulibre

Otkriven je sigurnosni propust u programskom paketu djvulibre. Otkriveni propust potencijalnim napadačima omogućuje izvođenje napada uskraćivanja usluge ili izvršavanje proizvoljnog...

Close