发布日期:2012-11-07
更新日期:2012-11-10受影响系统:
Cisco Secure ACS 5.3
Cisco Secure ACS 5.2
Cisco Secure ACS 5.1
Cisco Secure ACS 5.0
不受影响系统:
Cisco Secure ACS Cisco Secure Access Control Se
Cisco Secure ACS Cisco Secure Access Control Se
Cisco Secure ACS Cisco Secure Access Control Se
Cisco Secure ACS Cisco Secure Access Control Se
Cisco Secure ACS 5.4
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 56433
CVE ID: CVE-2012-5424
Cisco Secure Access Control System (ACS)是策略驱动的访问控制系统和网络访问控制及身份管理整合点。
Cisco Secure Access Control System (ACS) 5.x在使用了涉及TACACS+、LDAP的某个配置后,没有正确验证密码,通过发送有效的用户名和特制的密码字符串,可允许远程攻击者绕过身份验证,模拟用户。
<*来源:Cisco
链接:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs
*>建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20121107-acs)以及相应补丁:
cisco-sa-20121107-acs:Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
链接:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acsApple QuickTime 7.7.3之前版本多个任意代码执行漏洞eBay Payflow SDK SSL证书验证安全绕过漏洞相关资讯 身份验证绕过漏洞
- Microsoft .NET Framework 身份验 (05/16/2013 05:46:04)
- IBM SAN Volume Controller和 (02/28/2013 16:05:35)
- Hitachi Cosminexus产品身份验证绕 (01/30/2013 07:54:27)
| - EMC Smarts Network Configuration (03/27/2013 21:56:03)
- Lorex LNC116和LNC104 IP摄像机远 (02/28/2013 08:28:01)
- 多个SonicWALL产品SGMS接口身份验 (01/22/2013 16:44:55)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
-
|
易网时代-编程资源站