Cisco Secure Access Control Server Accounting-Request Buffer Overflow Vulnerability

Cisco Secure Access Control Server for Windows and Cisco Secure Access Control Server Solution Engine contain a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.

The vulnerability exists due to insufficient input validation in the CSRadius service. An authenticated, remote attacker could exploit this vulnerability by submitting a malicious RADIUS Accounting-Request designed to cause a buffer overflow. This could allow the attacker to crash this service or execute arbitrary code with SYSTEM privileges.

Cisco has released a security advisory and released updated software.

To exploit this vulnerability, a remote attacker must have access to the RADIUS secret key. This should lower the pool of potential attackers. Exploitation could allow the attacker to execute arbitrary code with the privileges of the CSRadius service. This is the service used to provide communication between the CSAuth module and the device requesting authentication and authorization services.

If the attacker crashes the CSRadius service, all RADIUS authentication, authorization and accounting processing will cease to function. However, TACACS+ processing will continue to function.