Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ACS SE 4.2 underlying windows vulnerbilites

Hi,

A client of ours identified the following vulnerabilities in the Windows component of their ACS SE 4.2 1113 appliance:

Microsoft Windows Server Service Could Allow Remote Code Execution

(MS08-067)

CVE-2008-4250

QID:

90464

Category:

Windows

CVE ID:

CVE-2008-4250

Vendor Reference

MS08-067

Bugtraq ID:

31874

Detected through MSRPC Interface

Microsoft SMB Remote Code Execution Vulnerability (MS09-001)

QID:

90477

Category:

Windows

CVE ID:

CVE-2008-4834 CVE-2008-4835 CVE-2008-4114

Vendor Reference

MS09-001

Bugtraq ID:

-

Are these legitimate security concerns or are they not relevant to Cisco's implementation of the Windows component of the ACS appliance?

Or do I have to raise a TAC for further information?

Everyone's tags (4)
2 REPLIES

ACS SE 4.2 underlying windows vulnerbilites

Hi it would be best to raise a tac case for this, I know that the acs solution engine comes with a built in CSA agent which is basically like a firewall and allows radius and tacacs communication through so I dont think it is succeptable to most of the windows flaws. With that said some of the patches do contain certian windows fixes but TAC will have to point you in the right direction as to what those fixes are.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

ACS SE 4.2 underlying windows vulnerbilites

I would agree with Tarik that Cisco TAC is the best party that you can contct.

But you can always make sure you are on the latest patch before contacting them.

I would say that if this problem is reported by a security audit then we are sure this vulnerability is exist with the ACS.

If you are copying this from somewhere then it is still probable if it is hitting the box.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
442
Views
0
Helpful
2
Replies
CreatePlease to create content