10 - cisco-sa-20080312-ucp

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities

Informations
Name	cisco-sa-20080312-ucp	First vendor Publication	2008-01-14
Vendor	Cisco	Last vendor Modification	2008-03-12
Severity (Vendor)	N/A	Revision	1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application and reported to Cisco by Felix 'FX' Lindner, Recurity Labs GmbH.

The first set of vulnerabilities address several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed.

The second set of vulnerabilities address cross-site scripting in the UCP application pages.

Both sets of vulnerabilities could be remotely exploited, and do not require valid user credentials.

Cisco has released a free software update for UCP that addresses these vulnerabilities.

There are no workarounds that mitigate these vulnerabilities.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a008095 (...)

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
50 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Acs For Windows cpe:2.3:a:cisco:acs_for_windows::::::::	1
Application	Cisco Acs Solution Engine cpe:2.3:a:cisco:acs_solution_engine::::::::	1
Application	Cisco User Changeable Password cpe:2.3:a:cisco:user_changeable_password:4.1:::::::*	1

SAINT Exploits

Description	Link
Cisco Secure ACS UCP CSuserCGI.exe buffer overflow	More info here

Open Source Vulnerability Database (OSVDB)

Id	Description
42962	Cisco Secure Access Control Server (ACS) CSUserCGI.exe Help Facility XSS
42961	Cisco Secure Access Control Server (ACS) CSuserCGI.exe Multiple Remote Overflows

Information Assurance Vulnerability Management (IAVM)

Date	Description
2008-03-25	IAVM : 2008-B-0025 - Cisco Secure Access Control Server for Windows User-Changeable Password Vulne... Severity : Category I - VMSKEY : V0015781

Snort® IPS/IDS

Date	Description
2014-01-10	Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overf... RuleID : 13656 - Revision : 12 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-01-19 21:20:31	Multiple Updates
2013-11-11 12:37:26	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
CPE ID(s)	3
Saint Exploit(s)	1
osvdb(s)	2
IAVM(s)	1
Snort® Rule(s)	1

	Related
10	CVE-2008-0532
4.3	CVE-2008-0533
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)