[NEWS] Cross-Site Scripting in Cisco Secure ACS
From: support@securiteam.comDate: 06/15/02
- Previous message: support@securiteam.com: "[UNIX] Zeroboard PHP Source Injection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sat, 15 Jun 2002 21:41:02 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Cross-Site Scripting in Cisco Secure ACS
------------------------------------------------------------------------
SUMMARY
<http://www.cisco.com/warp/public/cc/pd/sqsw/sq/> Cisco Secure ACS
provides authentication, authorization, and accounting (AAA-pronounced
"triple A") services to network devices that function as AAA clients, such
as a network access server, PIX Firewall, or router. A security
vulnerability in the product allows for the presence of a cross site
scripting vulnerability.
DETAILS
Vulnerable systems:
* Cisco Secure ACS version 3.0 (Win32)
Testing Cisco Secure reveals a cross-site scripting problem in the web
server component. Specifically, the "action" argument that the setup.exe
handler uses does not appear to do proper input validation.
Proof-of-concept:
Obviously one needs to already be authenticated to the ACS web server for
Solution:
Vendor status:
ADDITIONAL INFORMATION
The information has been provided by <mailto:dpalumbo@yahoo.com> Dave
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
DISCLAIMER:
http://IP.ADD.RE.SS:dyn_port/setup.exe?action=
(URL may wrap)
this to successfully be carried out.
Follow best practices, don't make the web component of ACS server
available over the Internet.
Cisco was contacted on May 21st. They have committed to fixing this in the
next release of the software, due out in "mid to late summer".
Palumbo.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
Relevant Pages
... VPN to ASP a security risk? ... Re: Multiple IPSec tunnels? ...
Subject: Security NT Server ... VPN to ASP a security risk? ... (Security-Basics)
... And he points to the info you need to put the file on the server in the ...
at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security
... by the firewall at risk. ... (microsoft.public.backoffice.smallbiz)
... And he points to the info you need to put the file on the server in the ...
at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security
... by the firewall at risk. ... (microsoft.public.backoffice.smallbiz2000)
... > And he points to the info you need to put the file on the server in the ...
> at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security
... An attacker can exploit these flaws in tandem via specially ... (microsoft.public.backoffice.smallbiz2000)
... And he points to the info you need to put the file on the server in the ...
at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security
... by the firewall at risk. ... (microsoft.public.windows.server.sbs)
