Cisco Secure ACS EAP Parsing Vulnerability (cisco-sr-20080903-csacs)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote host is missing a vendor-supplied security patch.

Description :

The version of Cisco Secure Access Control System (ACS) running on the
remote host has a memory corruption vulnerability. The length of
EAP-Response packets is not properly parsed. Remote code execution
could be possible, but has not been confirmed. A remote,
unauthenticated attacker could exploit this to execute arbitrary code.

Solution :

Upgrade to the relevant Cisco Secure Access Control System version
referenced in Cisco Security Response cisco-sr-20080903-csacs.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 69134

Bugtraq ID: 30997

CVE ID: CVE-2008-2441