Wednesday, March 18, 2015

Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability

Cisco Secure Access Control System SQL Injection Vulnerability

Advisory ID: cisco-sa-20150211-csacs

Revision 2.0

For Public Release 2015 February 11 16:00 UTC (GMT)
Last Updated 2015 March 11 19:34 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection
attack in the ACS View reporting interface pages. A successful attack could allow an authenticated,
remote attacker to access and modify information such as RADIUS accounting records stored in one of
the ACS View databases or to access information in the underlying file system. A previous version of
this advisory indicated that a product running version 5.5 patch 7 was not vulnerable; however,
customers running version 5.5 patch 7 should upgrade to patch 8 to completely mitigate the
vulnerability described in this advisory.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
