Cisco.ACS.UCP.CGI.Pre.Authentication.Buffer.Overflow
Description
This indicates an attempt to exploit a buffer-overflow vulnerability in Cisco Secure Access Control Server (ACS) for Windows.
The vulnerability is in the User-Changeable Password (UCP) application, a set of CGI programs and web site contents installed on Microsoft IIS. The CGI program "CSUserCGI.exe" is vulnerable to multiple buffer overflows that occur before the authentication process. A remote attacker can exploit these to gain control of vulnerable systems.
Affected Products
Cisco ACS UCP versions older than 4.2.
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
Recommended Actions
Update to Cisco ACS UCP version 4.2. See the Cisco Advisory for information on how to obtain updated software at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml
Coverage
IPS (Regular DB)
IPS (Extended DB)