A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote malicious user to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the malicious user to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037.
Vulnerable Product |
---|
cisco secure access control system 5.8(0.8) |
cisco secure access control system 5.8 |
cisco secure access control system |

Cisco's Prime and Secure Access Control also have critical-rated bugs to squash
It's time for Cisco's Midweek Misery, netadmins, with four critical vulns to patch and a slew of others to look over if you have time. WebEx has two nasties, CVE-2018-0112 and CVE-2018-0264. CVE-2018-0112 is a remote code execution (RCE) vulnerability in two clients (the WebEx Business Suite client and WebEx Meetings), and the WebEx Meetings Server. It's an input validation slip-up that means an attacker can share a malicious Flash file (extension .swf) within WebEx and execute code on a victim'...