ISS X-Force Database: cisco-acs-session-spoofing(27328): Cisco Secure ACS administrative session spoofing

Cisco Secure ACS administrative session spoofing

cisco-acs-session-spoofing (27328)

Medium Risk

Description:

Cisco Secure Access Control Server (ACS) uses weak session management for administrative connections to the Web interface. Once authenticated, session validation is maintained using the client IP address and port association. If a remote attacker could identify the port being used and the connected administrator's IP address, the attacker could hijack the management session for the Web administration interface by spoofing the authenticated client's IP address.

Consequences:

Gain Access

Remedy:

No remedy available as of July 9, 2011.

References:

Cisco Security Response 2006 June 23 2200 UTC (GMT): Cisco Secure ACS Weak Session Management Vulnerability.
Cisco Systems Web site: Cisco Secure Access Control Server for Windows - Products & Services - Cisco Systems.
Full-Disclosure Mailing List, Fri Jun 23 2006 - 08:18:51 CDT: Cisco Secure ACS Weak Session Management Vulnerability.
Full-Disclosure Mailing List, Fri Jun 23 2006 - 18:45:40 CDT: Re: Cisco Secure ACS Weak Session Management Vulnerability.
BID-18621: Cisco Secure ACS Authentication Bypass Vulnerability
CVE-2006-3226: Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka ACS Weak Session Management Vulnerability.
OSVDB ID: 26825: Cisco Secure ACS Session Management Authentication Bypass
SA20816: Cisco Secure ACS Session Management Security Issue
SECTRACK ID: 1016369: Cisco Secure Access Control Server Session Authentication Weakness Lets Remote Users Hijack Management Sessions
VUPEN/ADV-2006-2524: Cisco Secure ACS Web Interface Session Management Security Bypass Vulnerability

Platforms Affected:

Cisco Secure Access Control Server 4.0
Cisco Secure Access Control Server 4.0.1

Reported:

Jun 23, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page