The vulnerability is due to a failure to properly sanitize user-supplied input passed to the reporting application. The authentication requires access to an ACS administrator account.
#CISCO SECURE ACCESS CONTROL SYSTEM CODE#
With an external identity store, Cisco Secure ACS will retrieve information from an external database.Ī vulnerability in the web framework code of Cisco ACS could allow an authenticated, remote attacker to execute arbitrary SQL queries on one of the two ACS View databases. An internal identity store has user credential information stored in an internal database. The identity stores can be internal or external.
Cisco Secure ACS provides central management of access policies for device administration and wireless, wired 802.1x, and remote VPN network access scenarios. It supports the increasingly complex policies needed to meet today's new demands for access control management and compliance.
#CISCO SECURE ACCESS CONTROL SYSTEM PATCH#
The preceding show version output example above shows a Cisco Secure ACS running version 5.5 Patch 5 (5.5.0.46.5).Ī core component of the Cisco TrustSec solution, Cisco Secure ACS is a highly sophisticated policy platform providing RADIUS and TACACS+ services. The absence of an additionalĭigit after the version string indicates a Cisco Secure ACS version that does not have any ForĮxample, a version number of 5.5.0.46.6 indicates Cisco SecureĪCS version 5.5 with up to patch 6 installed. Versionĭigit after the version number indicates the highest patch level installed. The following table maps each Cisco Secure ACS version to its official build number. The version information is displayed on the left side of the screen.įrom the Cisco Secure ACS web-based interface, log in and click theĪbout link at the top right corner of the screen. On the main login page of the Cisco Secure ACS web-based interface, Version information of installed applications Show version command, as shown in the followingĬisco Application Deployment Engine OS Release: 2.1Ĭopyright (c) 2005-2013 by Cisco Systems, Inc. Use the following methods to determine the version of Cisco Secure ACS that is running:įrom the Cisco Secure ACS command-line interface (CLI), issue the
0 kommentar(er)
