Cisco Secure Access Control Server (ACS) CSuserCGI.exe Multiple Remote Overflows

critical Nessus Plugin ID 33943

Synopsis

The remote web server contains a CGI script that is affected by multiple buffer overflow vulnerabilities.

Description

Multiple buffer overflows exist in the 'securecgi-bin/CSuserCGI.exe' CGI included with User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine.

A remote attacker can leverage these vulnerabilities to execute arbitrary code via a long argument located immediately after the 'Logout' argument, and possibly unspecified other vectors.

Solution

Upgrade to UCP Version 4.2 or later.

See Also

http://www.nessus.org/u?578e73a1

https://www.securityfocus.com/archive/1/489463/30/0/threaded

http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml

Plugin Details

Severity: Critical

ID: 33943

File Name: cisco_acs_ucp.nbin

Version: 1.92

Type: remote

Family: CISCO

Published: 8/19/2008

Updated: 7/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-0532

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/12/2008

Vulnerability Publication Date: 3/12/2008

Exploitable With

Core Impact

Reference Information

CVE: CVE-2008-0532

BID: 28222

CWE: 119

IAVB: 2008-B-0025-S