Remote Command Execution Vulnerability in Cisco Secure Access Control Server
CVE-2013-3466

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server
Vendor: CVE Published:; 29 August 2013

What is CVE-2013-3466?

The EAP-FAST authentication module in Cisco Secure Access Control Server versions prior to 4.2.1.15.11 is susceptible to a vulnerability where user identities are not properly parsed when a RADIUS server configuration is enabled. This flaw enables remote attackers to craft EAP-FAST packets that can execute arbitrary commands on the affected system. Successful exploitation could lead to significant unauthorized access and control over the network infrastructure.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1028958

vdb-entryx_refsource_SECTRACK

http://osvdb.org/96668

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2013
Vulnerability Reserved
May 6, 2013