CERTA-2002-AVI-026
Vulnerability from certfr_avis - Published: - Updated:
Unauthorized users can authenticate, regardless of their status in the NDS server.
Description
Cisco Secure Access Control Server is a tool for centralizing control of user access to network gateways. It can be configured to use the NDS service.
A vulnerability in Cisco Secure ACS allows users whose accounts are disabled or have expired in NDS to authenticate normally.
Solution
Apply the Cisco patch:
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win
Cisco Secure Access Control Server (ACS) version 3.0.1 configured to use the Novell Directory Service (NDS) server.
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003e\u003cTT\u003eCisco Secure Access Control Server\u003c/TT\u003e (ACS) version 3.0.1 configur\u00e9 pour utiliser le serveur \u003cTT\u003eNovell Directory Service\u003c/TT\u003e (NDS).\u003c/P\u003e",
"content": "## Description\n\nCisco Secure Access Control Server est un outil qui permet de\ncentraliser le contr\u00f4le des acc\u00e8s des utilisateurs aux passerelles du\nr\u00e9seau. Il peut \u00eatre configur\u00e9 pour faire appel au service NDS.\n\nUne vuln\u00e9rabilit\u00e9 de Cisco Secure ACS permet \u00e0 des utilisateurs dont les\ncomptes sont d\u00e9sactiv\u00e9s ou ont expir\u00e9 dans NDS de s\u0027authentifier\nnormalement.\n\n## Solution\n\nAppliquer le correctif Cisco :\n\n http://www.cisco.com/cgi-bin/tablebuild.pl/cs-acs-win\n",
"cves": [],
"links": [],
"reference": "CERTA-2002-AVI-026",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2002-02-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement des r\u00e8gles de s\u00e9curit\u00e9"
}
],
"summary": "Des utilisateurs non autoris\u00e9s peuvent s\u0027authentifier, quelque soit leur\nstatut dans le serveur NDS.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans l\u0027authentification sur Cisco Secure Access Control Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis Cisco",
"url": "http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml"
}
]
}