Cisco Secure Access Control System (ACS) Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host has a web application installed that is affected by
multiple vulnerabilities.

Description :

The version of Cisco Secure Access Control System installed on the
remote host is potentially affected by multiple vulnerabilities :

- An unspecified cross-site scripting vulnerability exists
in the web interface. (CVE-2013-3423)

- An unspecified cross-site request forgery vulnerability
exists in the Admin/View Page. (CVE-2013-3424)

See also :

http://www.nessus.org/u?96d3f981
http://www.nessus.org/u?4808d13e
http://tools.cisco.com/security/center/viewAlert.x?alertId=30076

Solution :

Upgrade to Cisco Access Control System 5.3(0.40.9) / 5.4(0.46.3) or
later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 69853 ()

Bugtraq ID: 61173
61175

CVE ID: CVE-2013-3423
CVE-2013-3424