Cisco Patches Critical Vulnerability That Could Compromise Windows Systems

Cisco, being one of the major players in the networking hardware arena, has to be very focused on the security of its devices. The company has recently patched a critical vulnerability which, if left unattended, allowed a hacker to gain control of a machine running Windows.


Cisco

The vulnerability apparently affected Cisco Secure Access Control Server for Windows. The compromised versions of the software include Cisco Secure ACS 4.0 to 4.2.1.15.

The exploit essentially allowed a remote hacker to gain control of a Windows machine and then execute commands of his own on that machine. In other words, he could gain near-complete control of the operating system running atop the machine.

According to a statement issued by Cisco, “The vulnerability is due to the improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server.”

Thankfully, Cisco has been able to take note of this vulnerability in time. Together with the advisory notes quoted above, the company has dished out a patch which effectively removes the vulnerability from Secure ACS. The patch arrives as part of Cisco Secure ACS for Windows 4.2.1.15.11. So if you’re running the software in question on any of your machines, you are advised to update it as soon as possible.

Source: Cisco

[ttjad keyword=”wireless-router”]

Salman

Salman Latif is a software engineer with a specific interest in social media, big data and real-world solutions using the two.Other than that, he is a bit of a gypsy. He also writes in his own blog. You can find him on Google+ and Twitter .

Leave a Reply