Advisory ID: cisco-sa-20150211-csacs
http://tools.cisco.com/
Revision 1.0
For Public Release 2015 February 11 16:00 UTC (GMT)
+-----------------------------
Summary
=======
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 7 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access information in the underlying file system.
Cisco has released free software updates that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/
Komentarų nėra:
Rašyti komentarą