Researchers at Positive Technologies discovered a serious flaw (CVE-2018-0253) in Cisco’s Secure Access Control System (ACS). System administrators use Cisco ACS to authenticate users across the network. The vulnerability allows external access to the Cisco ACS web interface, thereby allowing attackers to possibly gain unrestricted access to the internal network.
Analysis
An attacker who successfully exploits the ACS Report component of Cisco ACS could execute arbitrary commands on the affected system, which would be processed at the targeted user's privilege level.
The Cisco vulnerability received a CVSS v3.0 score of 9.8 out of 10, indicating a "critical" degree of severity. According to Cisco, “The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device.”
If Active Directory is integrated with Cisco ACS, an attacker could possibly steal the credentials of the domain administrator.
Solution
This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7.
Cisco has released software updates that address this vulnerability, and they are available for download.
Tenable® has released a Nessus® plugin to help our customers determine their Cyber Exposure gap.
Plugin ID | Description |
Cisco Secure Access Control (cisco-sa-20180502-acs1) |
Additional Information
- Cisco Security Advisory
- Learn more about Tenable.io,® the first Cyber Exposure platform for holistic management of your modern attack surface
- Get a free 60-day trial of Tenable.io Vulnerability Management