Cisco Secure Access Control Server Access-Request Handling Denial of Service Vulnerability

Cisco Secure Access Control Server for Windows and Cisco Secure Access Control Server Solution Engine contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

This vulnerability exists due to insufficient handling of malformed RADIUS Access-Request messages. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted RADIUS Access-Request network packet to an affected system, crashing the CSRadius process. This renders the system unresponsive to further RADIUS Authentication, Authorization, and Accounting requests.

Cisco has confirmed this vulnerability in a security advisory and released updated software to correct it.

To exploit this vulnerability, an attacker requires no special authentication credentials and requires no access to shared RADIUS keys. To accomplish an exploit, an attacker needs to send a crafted network request to an affected system. This likely requires the attacker to have access to trusted, internal networks or to be within range of wireless access. In the event of an exploit, attackers can render RADIUS systems unresponsive, denying authentication services to authorized users. TACACS+ functionality will still be operational, however.

Functional exploit code that proves the exploitability of this vulnerability is reported by the vendor but is not available publicly. However, because the viability of exploitation has been proven, attackers may
be more likely to develop exploit code.