The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x prior to 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote malicious users to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco secure access control server |
||
cisco secure access control server 4.2.1.15.9 |
||
cisco secure access control server 4.2.1.15.7 |
||
cisco secure access control server 4.2.1.15.4 |
||
cisco secure access control server 4.2.1.15.2 |
||
cisco secure access control server 4.2.1.15.1 |
||
cisco secure access control server 4.2.1.15.0 |
||
cisco secure access control server 4.2.1.15.8 |
||
cisco secure access control server 4.2.1.15.6 |
||
cisco secure access control server 4.2.1.15.3 |