Cisco Secure Access Control System Unauthorized Password Change Vulnerability

Summary

Cisco Secure ACS contains an Unauthorized Password Change Vulnerability.

Credit:

The original article can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml

Details

Vulnerable Systems:
 * Cisco Secure ACS version 5.1 with patches 3, 4, or 5 installed and without patch 6 or later
 * Cisco Secure ACS version 5.2 without any patches installed
 * Cisco Secure ACS version 5.2 with patch 1 or 2 installed and without patch 3 or later

Immune Systems:
 * Cisco Secure ACS version prior to version 5.1
 * Cisco Secure ACS version 5.1 without any patches installed, or with patch 6 or later installed
 * Cisco Secure ACS version 5.1 with patch 1 or 2 installed
 * Cisco Secure ACS version 5.1 with patch 3, 4, or 5 installed, as long as patch 6 or later is also installed
 * Cisco Secure ACS version 5.2 with patch 1 or 2 installed, as long as patch 3 or later is also installed
 * Cisco Secure ACS version 5.2 with patch 3 or later installed

A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account’s previous password. Successful exploitation requires the user account to be defined on the internal identity store.

This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password.

Patch Availability:
This vulnerability is first fixed in the following Cisco Secure ACS software patches:

– Cisco Secure ACS version 5.1
File 5-1-0-44-6.tar.gpg – ACS 5.1.0.44 cumulative patch 6

– Cisco Secure ACS version 5.2
File 5-2-0-26-3.tar.gpg – ACS 5.2.0.26 cumulative patch 3
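The Vulnerable Systems and Immune Systems lists above reduce to a single rule per release because the patches are cumulative: a 5.1 system is exposed only when its highest installed patch is 3, 4 or 5, and a 5.2 system is exposed until cumulative patch 3 is applied. The following checker, an added example that is not part of the Cisco advisory, encodes those rules so an inventory of ACS appliances can be triaged against them. The inventory records and host names are constructed for illustration; releases the advisory does not mention (anything newer than 5.2) are reported as not covered rather than guessed.

```python
from typing import Iterable, Optional

# Transcribed from the advisory: first fixed cumulative patch per release
# and the lowest patch level at which the flaw is present.
FIXED_IN_PATCH = {"5.1": 6, "5.2": 3}
VULNERABLE_FROM_PATCH = {"5.1": 3, "5.2": 0}   # 5.2 is vulnerable with no patches


def _release(version: str) -> str:
    """Reduce a full build string such as '5.1.0.44' to its release, '5.1'."""
    return ".".join(version.split(".")[:2])


def is_vulnerable(version: str, installed_patches: Iterable[int] = ()) -> Optional[bool]:
    """Apply the advisory's rules to one appliance.

    Returns True (vulnerable), False (immune) or None when the advisory
    does not cover the release. Patches are cumulative, so only the
    highest installed patch number matters.
    """
    release = _release(version)
    major, minor = (int(p) for p in release.split("."))
    if (major, minor) < (5, 1):
        return False                       # "version prior to version 5.1" is immune
    if release not in FIXED_IN_PATCH:
        return None                        # release not addressed by this advisory
    level = max(installed_patches, default=0)
    return VULNERABLE_FROM_PATCH[release] <= level < FIXED_IN_PATCH[release]


def required_patch(version: str) -> Optional[int]:
    """Cumulative patch level that first fixes the flaw for this release, if covered."""
    return FIXED_IN_PATCH.get(_release(version))


def triage(inventory):
    """Return [(host, status, fix)] for a list of (host, version, patches) records."""
    rows = []
    for host, version, patches in inventory:
        verdict = is_vulnerable(version, patches)
        status = {True: "VULNERABLE", False: "immune", None: "not covered"}[verdict]
        fix = f"apply cumulative patch {required_patch(version)}" if verdict else ""
        rows.append((host, status, fix))
    return rows


# Constructed sample inventory (host names and patch states are hypothetical).
SAMPLE_INVENTORY = [
    ("acs-a.example.test", "5.1.0.44", []),        # unpatched 5.1: immune
    ("acs-b.example.test", "5.1.0.44", [1, 2]),    # immune
    ("acs-c.example.test", "5.1.0.44", [3, 4]),    # vulnerable until patch 6
    ("acs-d.example.test", "5.1.0.44", [3, 6]),    # patch 6 present: fixed
    ("acs-e.example.test", "5.2.0.26", []),        # unpatched 5.2: vulnerable
    ("acs-f.example.test", "5.2.0.26", [1, 3]),    # patch 3 present: fixed
    ("acs-g.example.test", "4.2.0.12", []),        # pre-5.1: immune
]

if __name__ == "__main__":
    for host, status, fix in triage(SAMPLE_INVENTORY):
        print(f"{host:22} {status:12} {fix}")
```

Because the patch files listed above are cumulative, `is_vulnerable` deliberately ignores gaps in the installed list and keys only on the highest level; a host reporting patches 3 and 6 is treated as fixed, matching the advisory's "as long as patch 6 or later is also installed".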

These Cisco Secure ACS patches can be downloaded from the Software Center on Cisco.com by visiting http://www.cisco.com/cisco/software/navigator.html (registered customers only). The patches are accessible using the following paths:

 * Security > Identity Management > Cisco Secure Access Control System > Cisco Secure Access Control System 5.1
 * Security > Identity Management > Cisco Secure Access Control System > Cisco Secure Access Control System 5.2

Disclosure Timeline:
Revision 1.0 2011-March-30 Initial public release.