Cisco has released patches for three vulnerabilities in its Secure Access Control System, including two flaws that could enable a remote attacker to take complete control of an affected system.
Cisco’s Secure ACS is part of the company’s TrustSec solution, which the company says “supports the increasingly complex policies needed to meet today’s new demands for access control management and compliance.” The system contains three separate vulnerabilities: a privilege-escalation flaw, an unauthenticated user access bug and an operating system command-injection flaw. The latter two are the most serious, Cisco said.
“A vulnerability in the RMI interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to access the ACS via the RMI interface,” the Cisco advisory says.
“The vulnerability is due to insufficient authentication and authorization enforcement. An attacker could exploit this vulnerability by accessing the ACS via the RMI interface. An exploit could allow the attacker to access the ACS and perform administrative actions.”
The second remotely exploitable bug is the command-injection flaw.
“A vulnerability in the web interface of Cisco Secure ACS could allow an authenticated, remote attacker to inject operating system-level commands,” the advisory says.
“The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting operating system commands into a specific location of the ACS web interface. An exploit could allow the attacker to perform operating system-level commands without shell access, impacting the confidentiality, integrity, or availability of the system.”
The privilege escalation flaw is far less serious and can only be exploited by a local authenticated user.
“A vulnerability in the RMI interface of Cisco Secure ACS could allow an authenticated, remote attacker to perform actions as superadmin,” Cisco says.