Cisco Secure Access Control Server for Windows Remote Code Execution

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an access control application installed
that is affected by a code execution vulnerability.

Description :

The version of Cisco Secure Access Control Server for Windows 4.x is
earlier than 4.2.1.15.11. It is, therefore, potentially affected by a
remote code execution vulnerability. Due to improper parsing of user
identities used for EAP-FAST authentication, a remote, unauthenticated
attacker could execute arbitrary code on the remote host subject to the
privileges of the user running the affected application.

Note that this issue only affects Cisco Secure Access Control Server for
Windows when configured as a RADIUS server.

See also :

http://www.nessus.org/u?f8f7745e

Solution :

Upgrade to Cisco Secure Access Control Server for Windows 4.2.1.15.11
or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 69926

Bugtraq ID: 62028

CVE ID: CVE-2013-3466
