Cisco: CISCO-SA-20130715-CVE-2013-3428
Jul 15, 2013 - 4:15 p.m.

Cisco Secure Access Control System Error Condition Information Disclosure Vulnerability

2013-07-15 16:15:32
tools.cisco.com

CVSS2: 4
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS: 0.001
Percentile: 40.3%

An issue in the web interface of Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to view detailed error message information.

The issue is due to insufficient filtering of error condition output. An attacker could exploit this issue by forcing the system to generate an error condition.

Cisco has confirmed this vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must authenticate to a targeted device. This access requirement decreases the likelihood of a successful exploit.

Affected configurations

Node: cisco secure_access_control_system (match: any) OR cisco secure_access_control_system (match: any)

Vendor: cisco
Product: secure_access_control_system
Version: any
CPE: cpe:2.3:a:cisco:secure_access_control_system:any:*:*:*:*:*:*:*
