Cisco Secure Access Control Server Multiple Vulnerabilities

Cisco Secure Access Control Server and Secure Access Control Server Solution Engine are reported prone to multiple vulnerabilities. These vulnerabilities may allow remote attackers to cause denial of service conditions and gain unauthorized access to AAA clients and the ACS administration interface.

The following specific vulnerabilities were reported by the vendor:

A remote attacker can trigger a denial of service condition in ACS Windows and ACS Solution Engine by establishing a large number of TCP connections to the CSAdmin application.

Cisco Secure ACS is reported prone to another denial of service vulnerability when handling Light Extensible Authentication Protocol (LEAP) authentication requests.

Cisco Secure ACS is reported prone to an authentication bypass vulnerability when configured to communicate with a Novell Directory Services (NDS) database to authenticate NDS users.

Another vulnerability affecting ACS may allow remote attackers to gain unauthenticated access to the administration interface of the service.

Copyright 2010, SecurityFocus