Cisco Secure ACS EAP Parsing Vulnerability (cisco-sr-20080903-csacs)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch.

Description :

The version of Cisco Secure Access Control System (ACS) running on the
remote host has a memory corruption vulnerability. The length of
EAP-Response packets is not properly parsed. Remote code execution
could be possible, but has not been confirmed. A remote,
unauthenticated attacker could exploit this to execute arbitrary code.

See also :

http://archives.neohapsis.com/archives/bugtraq/2008-09/0033.html
http://www.nessus.org/u?00d5491a

Solution :

Upgrade to the relevant Cisco Secure Access Control System version
referenced in Cisco Security Response cisco-sr-20080903-csacs.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 69134 ()

Bugtraq ID: 30997

CVE ID: CVE-2008-2441