TITLE: Cisco Secure Access Control Server Downloadable IP Access Control List Vulnerability SECUNIA ADVISORY ID: SA18141 VERIFY ADVISORY: http://secunia.com/advisories/18141/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Cisco PIX 6.x http://secunia.com/product/56/ Cisco PIX 7.x http://secunia.com/product/6102/ Cisco VPN 3000 Concentrator http://secunia.com/product/90/ Cisco VPN 3002 Hardware Client 3.x http://secunia.com/product/3382/ SOFTWARE: Cisco Firewall Services Module (FWSM) 1.x http://secunia.com/product/2273/ Cisco Firewall Services Module (FWSM) 2.x http://secunia.com/product/5088/ Cisco Secure ACS 3.x http://secunia.com/product/679/ DESCRIPTION: ovt has reported a vulnerability in Cisco Secure ACS (Access Control Server), which potentially can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a design error in the Downloadable IP ACL (Access Control List) feature. This can be exploited by malicious people who knows the name of a Downloadable IP ACL configured on the ACS server to authenticate to the RAS/NAS (Remote Access Server/Network Access Server) by using the name of that ACL as their user name. Successful exploitation requires that the attacker knows the name of the Downloadable IP ACL e.g. by sniffing network traffic between the RAS/NAS and the ACS server. SOLUTION: The vulnerability has been fixed in the following versions. * Cisco Secure ACS Version 4.0.1 * PIX version 6.3(5) * PIX/ASA 7.0(2) * Cisco IOS Software Version 12.3(8)T4 * VPN 3000 versions 4.0.5.B and 4.1.5.B Cisco FWSM: Refer to vendor's original advisory for workaround instructions. PROVIDED AND/OR DISCOVERED BY: ovt ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------