Bugtraq mailing list archives
Re: XSS in CiscoSecure ACS v3.0
From: Lisa Napier <lnapier () cisco com>
Date: Thu, 20 Jun 2002 19:15:50 -0700
Hi Dave,Thank you for posting this information. The defect ID's for Cisco customers who wish to track this issue via the Cisco Bug toolkit on our website are: CSCdx88709 and CSCdx88715 for both affected release versions.
Thank you, Lisa Napier Product Security Incident Response Team Cisco Systems At 01:39 PM 6/14/2002, Dave Palumbo wrote:
sMax. Security Advisory ------------------------------- Title: Cross-Site Scripting in CiscoSecure ACS v3.0 Date: June 14, 2002 PRODUCT AFFECTED: CiscoSecure ACS v3.0 (Win32) PRODUCT OVERVIEW: CiscoSecure ACS is Cisco's implementation of RADIUS. v3.0 is the current release of the product. Taken from their website: "Cisco Secure ACS provides authentication, authorization, and accounting (AAApronounced "triple A") services to network devices that function as AAA clients, such as a network access server, PIX Firewall, or router." VULNERABILITY: Testing CiscoSecure ACS v3.0(1), Build 40 reveals a cross-site scripting problem in the web server component. Specifically, the "action" argument that the setup.exe handler uses does not appear to do proper input validation. Other arguments were not tested, though they may be vulnerable as well. Proof-of-concept: http://IP.ADD.RE.SS:dyn_port/setup.exe?action=<script>alert('foo+bar')</script>&page=list_users&user=P* (URL may wrap) Obviously one needs to already be authenticated to the ACS web server for this to successfully be carried out. SOLUTION: Follow best practices, don't make the web component of ACS server available over the Internet. Cisco was contacted on May 21st. They have committed to fixing this in the next release of the software, due out in "mid to late summer". - Dave Palumbo __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
Attachment:
_bin
Description:
Current thread:
- XSS in CiscoSecure ACS v3.0 Dave Palumbo (Jun 14)
- Re: XSS in CiscoSecure ACS v3.0 Lisa Napier (Jun 21)