Cisco.Secure.ACS.EAP-TLS.Authentication.Bypass

description-logoDescription

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) version 3.3.1 has an Authentication bypass vulnerability. A remote attacker could access the network via a untrusted certificate with valid username.

affected-products-logoAffected Products

Cisco Secure ACS Solution Engine
Cisco Secure ACS for Windows 3.3.1

Impact logoImpact

Authentication Bypass

recomended-action-logoRecommended Actions

Upgrade to latest version of Cisco Secure ACS and Solution Engine (3.3.2 or later):
http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)