Command injection in Cisco Secure Access Control Server

#VU12391 Command injection in Cisco Secure Access Control Server

Published: 2018-05-07 | Updated: 2018-05-07

Vulnerability identifier: #VU12391

Vulnerability risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0253

CWE-ID: CWE-77

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Secure Access Control Server
Server applications / Directory software, identity management

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the target system.

The weakness exists in the ACS Report component due to insufficient validation of the Action Message Format (AMF) protocol. A remote attacker can send a specially crafted AMF message that contains malicious code, inject and execute arbitrary commands with root privileges.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco Secure Access Control Server: 5.8.0.8

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Command execution in Cisco Secure Access Control Server Solution Engine