Warning: Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15., must be updated now!
Cisco has released this afternoon, a security advisory to address a vulnerability in Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15.
According to Cisco, this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands.
Connectikpeople may recall that, the vulnerability is only present
when Cisco ACS is configured as a RADIUS server. Therefore, Cisco has released software updates that address this vulnerability.
Connectikpeople encourages administrators of this software to review Cisco Security Advisory 20130828-ACS, and follow best practice security policies to determine if their organization is affected and apply the appropriate response.