Cisco Network Admission Control Guest Server System Software Authentication Bypass Vulnerability
The original article can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml
* Cisco NAC Guest Server all versions prior to software version 2.0.3
The Cisco NAC Guest Server system software contains a vulnerability in the configuration file of the RADIUS authentication software. This misconfiguration may allow an unauthenticated user to access the protected network. This vulnerability may result in authentication bypass without requiring a valid username or password.
Consult http://www.cisco.com/go/psirt and any to determine exposure and a complete upgrade solution.
It is possible to modify the RADIUS configuration file of the Cisco NAC Guest Access Server to eliminate the potential for authentication bypass. The following commands modify the RADIUS configuration file and restart the RADIUS daemon so that it reads the new configuration file.
The configuration file may be modified by running the following commands from the command-line interface (CLI) of the device:
# cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.orig
# sed -i 's/php -f/php/g' /etc/raddb/radiusd.conf
# service radiusd restart
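An idempotent form of the workaround above, added here as an example and not part of the Cisco advisory: it keeps the first backup on re-runs, applies the same substitution, and confirms that no `php -f` remains. The sample configuration, its module name and its paths are constructed for the demo; the restart is left to the operator.

```shell
#!/bin/sh
# Default path is the one given in the advisory.
CONF_DEFAULT=/etc/raddb/radiusd.conf

# Print how many lines of the file still contain "php -f".
count_php_f() {
    grep -c 'php -f' "$1" 2>/dev/null || true
}

apply_workaround() {
    conf=${1:-$CONF_DEFAULT}
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    if [ "$(count_php_f "$conf")" -eq 0 ]; then
        echo "no 'php -f' in $conf; nothing to change"
        return 0
    fi
    # Keep the first backup: a re-run must not overwrite the pre-fix copy.
    [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig" || return 1
    tmp=$(mktemp) || return 1
    # Same substitution as the advisory, written back in place so the
    # file keeps its owner and mode.
    if sed 's/php -f/php/g' "$conf" > "$tmp" && cat "$tmp" > "$conf"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    [ "$(count_php_f "$conf")" -eq 0 ] || return 1
    echo "patched $conf (backup: $conf.orig); now run: service radiusd restart"
}

# Constructed sample config (module name and paths are hypothetical).
write_sample_conf() {
    cat > "$1" <<'EOF'
exec example_guest_auth {
    wait = yes
    program = "/usr/bin/php -f /opt/example/auth.php"
}
EOF
}

# Demo on a throwaway copy; the second call shows the no-op re-run.
demo() {
    d=$(mktemp -d) || return 1
    write_sample_conf "$d/radiusd.conf"
    apply_workaround "$d/radiusd.conf" && apply_workaround "$d/radiusd.conf"
    rm -rf "$d"
}
demo
```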
Revision 1.0 2011-March-30 Initial public release.