Cisco Secure Access Control System Malformed Packet Denial of Service Vulnerability

A vulnerability in the TACACS+ socket read function of Cisco Secure ACS versions 5.x could allow an unauthenticated, remote attacker to cause a runtime process to crash.

The vulnerability is due to improper processing of read requests on the TACACS+ socket. An attacker could exploit this vulnerability by sending malformed TCP packets to an affected ACS server configured for TACACS+. An exploit could allow the attacker to cause a runtime process to crash, resulting in a denial of service (DoS) condition for TACACS+ requests.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, the attacker would need to send malformed TCP packets to the targeted system. To achieve this objective, the attacker may need access to trusted, internal network resources. This access requirement reduces the likelihood of a successful exploit…

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.