

Secure ACS, an identity networking solution that simplifies user management by combining authentication, user and administrator access, and policy control, includes a flaw that could enable attackers to gain administrative access to the Web-based interface used to manage network devices, according to independent security researcher Darren Bounds, who revealed the flaw in a post to the Full Disclosure security mailing list last week.

Secure ACS is essentially the hub of Cisco's NAC framework, and it relies heavily on the ability of users and endpoints to authenticate against a central directory, Bounds said. "Ultimately, compromising Secure ACS grants you administrative access to any devices that the server is responsible for authenticating," said Bounds.

The flaw is "fairly trivial" to exploit because the information needed to exploit it can be easily acquired and may already exist in some circumstances, Bounds said. For example, many companies handle access to Secure ACS through a proxy, which means all clients have the same IP address, he noted.

To exploit the flaw, attackers also need to find out which dynamic port is being leveraged by the ACS server for administration purposes, and that information is easy to predict because the current implementation of Secure ACS uses automatic port allocation, Bounds said. "It's very easy to determine if an administrator is logged in to determine what port they're using," Bounds said. And because there are only about 65,000 port combinations, attackers could also just run through all the ports to find the one they need, he added.

To mitigate the threat, Chris Labatt-Simon, president and CEO of D&D Consulting, an Albany, N.Y.-based solution provider, recommends that companies use more security on their boxes and not allow access to Secure ACS from proxy servers.
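Two of the conditions the article describes are visible from the network side: a client walking through the port range on the ACS host looking for the dynamic administration port, and a shared proxy address reaching the ACS host at all. The following detection script is an added example written for this page, not code from Cisco, Bounds or the article. It runs over constructed firewall log lines in a hypothetical `key=value` format; the addresses, ports, timestamps, the ACS host address `10.0.0.5`, the proxy list and the alert thresholds are all invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (hypothetical "key=value" format).
# 10.1.1.50 touches ten different ports on the ACS host in a few seconds,
# 10.2.2.20 (a constructed proxy address) reaches the ACS host normally,
# and 10.3.3.9 talks to an unrelated host.
SAMPLE_LOG = """\
2006-01-10T10:00:00 src=10.1.1.50 dst=10.0.0.5 dport=1024 action=deny
2006-01-10T10:00:00 src=10.1.1.50 dst=10.0.0.5 dport=1025 action=deny
2006-01-10T10:00:01 src=10.1.1.50 dst=10.0.0.5 dport=1026 action=deny
2006-01-10T10:00:01 src=10.1.1.50 dst=10.0.0.5 dport=1027 action=deny
2006-01-10T10:00:02 src=10.1.1.50 dst=10.0.0.5 dport=1028 action=allow
2006-01-10T10:00:02 src=10.1.1.50 dst=10.0.0.5 dport=1029 action=deny
2006-01-10T10:00:03 src=10.1.1.50 dst=10.0.0.5 dport=1030 action=deny
2006-01-10T10:00:03 src=10.1.1.50 dst=10.0.0.5 dport=1031 action=deny
2006-01-10T10:00:04 src=10.1.1.50 dst=10.0.0.5 dport=1032 action=deny
2006-01-10T10:00:04 src=10.1.1.50 dst=10.0.0.5 dport=1033 action=deny
2006-01-10T10:05:00 src=10.2.2.20 dst=10.0.0.5 dport=2002 action=allow
2006-01-10T10:05:30 src=10.2.2.20 dst=10.0.0.5 dport=2002 action=allow
2006-01-10T10:06:00 src=10.3.3.9  dst=10.0.0.99 dport=80 action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+dport=(?P<dport>\d+)\s+action=(?P<action>\w+)"
)


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
            "action": m["action"],
        })
    return events


def detect_port_sweeps(events, acs_host, window=timedelta(seconds=60), min_ports=8):
    """Return {src_ip: distinct_port_count} for sources that touched at least
    `min_ports` distinct destination ports on `acs_host` inside any `window`.
    Denied and allowed attempts both count: the sweep itself is the signal."""
    by_src = defaultdict(list)
    for e in events:
        if e["dst"] == acs_host:
            by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span fits in `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts


def sources_behind_proxies(events, acs_host, proxy_ips):
    """List known proxy addresses that reached the ACS host. Under the
    mitigation quoted in the article this list should be empty, since a
    proxy makes every client behind it share one source address."""
    seen = {e["src"] for e in events if e["dst"] == acs_host and e["src"] in proxy_ips}
    return sorted(seen)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("port sweeps against ACS host:", detect_port_sweeps(evs, "10.0.0.5"))
    print("proxies reaching ACS host:", sources_behind_proxies(evs, "10.0.0.5", {"10.2.2.20"}))
```

The sweep detector keys on distinct destination ports per source within a time window rather than on denied connections alone, because the one attempt that lands on the live administration port is the one the firewall allows. The proxy check is the inverse of the article's mitigation: any hit from a known shared address is worth an alert, because the ACS host cannot tell the clients behind it apart.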
