A security vulnerability in the Cisco Secure Access Control Server (ACS) has recently been discovered and disclosed. ACS is a crucial component in Cisco’s trust and identity management framework, and one of the foundational platforms of the Cisco Network Admission Control (NAC) initiative.
Secure ACS is an identity management solution that simplifies user management by integrating authentication access rights, users, administrators, and management policies.
The security vulnerability in Secure ACS could allow hackers to gain administrative access to the web-based interface of network device management software.
Darren Bounds, an independent security research expert, discovered and disclosed this security flaw through the Full Disclosure security email list.
Secure ACS is a vital node in the Cisco NAC framework. It primarily relies on the capabilities of users and endpoints to authenticate access to central directories.
“Unfortunately, if the security flaw in Secure ACS is successfully exploited, an attacker could gain administrative access to any device for which the ACS server holds authentication rights,” Bounds stated.
This security vulnerability is relatively easy to exploit because the necessary information for exploitation can often be easily gathered or may already exist in certain scenarios. For example, many companies handle Secure ACS access through a proxy, meaning that all clients share the same IP address.
To exploit this security flaw, an attacker needs to identify a dynamic port managed by the ACS server. This information is straightforward to find since most Secure ACS implementations currently utilize automatic port allocation.
“It is very easy to predict whether the administrator is logged in to check which port they are using. And since only about 65,000 combinable ports are in use, an attacker could simply cycle through all the ports to discover the one they need,” Bounds added.
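For defenders, the port cycling described above shows up as one client touching many distinct ACS ports in a short time. The following detection sketch is an added example, not code from the article or from Cisco; the log format, the per-client identifier taken from the proxy, the addresses, and the thresholds are all assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

CLIENT, SRC_IP = 1, 2  # index of the field used to group records

def build_sample_log():
    """Constructed sample: every client reaches ACS through one proxy IP."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    proxy_ip = "192.0.2.10"  # documentation address, constructed
    lines = []
    for i in range(20):   # administrator stays on one dynamic port
        ts = t0 + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()} admin-ws {proxy_ip} 3127")
    for i in range(300):  # a second client walks through the port range
        ts = t0 + timedelta(milliseconds=100 * i)
        lines.append(f"{ts.isoformat()} ws-042 {proxy_ip} {1024 + i}")
    return lines

def parse(line):
    """Assumed format: '<ISO time> <client id> <source IP> <dest port>'."""
    ts, client, src, port = line.split()
    return datetime.fromisoformat(ts), client, src, int(port)

def find_port_sweeps(lines, key_field, window=timedelta(seconds=10), threshold=50):
    """Return {key: peak distinct ports seen in one window} at or above threshold."""
    recent = defaultdict(deque)       # key -> (time, port) still inside the window
    in_window = defaultdict(Counter)  # key -> port -> hits inside the window
    peak = Counter()
    for rec in sorted(parse(l) for l in lines):
        ts, port, key = rec[0], rec[3], rec[key_field]
        queue, ports = recent[key], in_window[key]
        queue.append((ts, port))
        ports[port] += 1
        while ts - queue[0][0] > window:  # expire records older than the window
            _, old = queue.popleft()
            ports[old] -= 1
            if ports[old] == 0:
                del ports[old]
        peak[key] = max(peak[key], len(ports))
    return {k: n for k, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    log = build_sample_log()
    print("per client:", find_port_sweeps(log, CLIENT))
    print("per source IP:", find_port_sweeps(log, SRC_IP))
```

Grouping by source IP only flags the shared proxy address, which is the same address the administrator uses; grouping by the proxy's per-client identifier is what isolates the workstation doing the sweep.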
Yesterday, the Cisco Product Security Incident Response Team (PSIRT) reported that it is investigating this security vulnerability further.
Hoàng Dũng