Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D6724CFE14B6330D0145E76C5F19A19B
HistoryApr 07, 2008 - 12:00 a.m.

Cisco Secure ACS UCP CSuserCGI.exe buffer overflow

2008-04-0700:00:00
SAINT Corporation
www.saintcorporation.com
10

0.927 High

EPSS

Percentile

98.8%

JSON

Added: 04/07/2008
CVE: CVE-2008-0532
BID: 28222
OSVDB: 42961

Background

Cisco Secure Access Control Server (ACS) is a centralized user access control framework which can be used with routers, switches, firewalls, VPNs, and other devices. User Changeable Passwords (UCP), a utility implemented by Cisco Secure ACS, allows users to change their ACS passwords using a web browser.

Problem

A buffer overflow in the **CSuserCGI.exe** program allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP request with a long Logout argument.

Resolution

Upgrade to UCP 4.2.

References

<http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml&gt;
<http://www.frsirt.com/english/advisories/2008/0868&gt;

Limitations

Exploit works on Cisco UCP 4.1.4.13.

On Windows Server 2003, Read and Execute privileges on the file **%windir%\system32\cmd.exe** must be granted to the Internet Guest Account “IUSR_” for the exploit to work properly.

Platforms

Windows 2000
Windows Server 2003

Related

checkpoint_advisories 2
prion 1
saint 3
cve 1
securityvulns 2
cisco 1
packetstorm 1
seebug 1
checkpoint_advisories
checkpoint_advisories
Cisco Secure Access Control Server UCP Application Buffer Overflow (CVE-2008-0532)
2009-09-30 00:00:00
Update Protection against Cisco Secure Access Control Server UCP Application CSuserCGI.exe Buffer Overflow Vulnerability
2008-05-09 00:00:00
prion
prion
Buffer overflow
2008-03-14 20:44:00
saint
saint
Cisco Secure ACS UCP CSuserCGI.exe buffer overflow
2008-04-07 00:00:00
Cisco Secure ACS UCP CSuserCGI.exe buffer overflow
2008-04-07 00:00:00
Cisco Secure ACS UCP CSuserCGI.exe buffer overflow
2008-04-07 00:00:00
cve
cve
CVE-2008-0532
2008-03-14 20:44:00
securityvulns
securityvulns
Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities
2008-03-12 00:00:00
Cisco SecureACS buffer overflow
2008-03-13 00:00:00
cisco
cisco
Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities
2008-03-12 16:00:00
packetstorm
packetstorm
RecurityLabs_Cisco_ACS_UCP_advisory.txt
2008-03-13 00:00:00
seebug
seebug
Cisco User-Changeable Password(UCP)CSuserCGI.exe缓冲区溢出及跨站脚本漏洞
2008-03-15 00:00:00

0.927 High

EPSS

Percentile

98.8%

JSON
Related for SAINT:D6724CFE14B6330D0145E76C5F19A19B
checkpoint_advisories2prion1saint3cve1securityvulns2cisco1packetstorm1seebug1