Cisco Support Community
Community Member

Vulnerability detected in version 4.1 unquote path with embedded space

Sometime ago we found thru our scanner tool a vulnerability pointing to the following Windows components install in our machines.


                XXXX\Program Files\CiscoSecure ACS v4.1\bin\CSAdmin.exeAuto

XXXX\Program Files\CiscoSecure ACS v4.1\bin\CSAuth.exeAuto

XXXX\Program Files\CiscoSecure ACS v4.1\bin\CSDbSync.exeAuto

XXXX\Program Files\CiscoSecure ACS v4.1\bin\CSLog.exeAuto

XXXX\Program Files\CiscoSecure ACS v4.1\bin\CSMon.exeAuto

XXXX\Program Files\CiscoSecure ACS v4.1\bin\CSRadius.exeAuto

XXXX\Program Files\CiscoSecure ACS v4.1\bin\CSTacacs.exeAuto


The scanner results indocate, the following path of the Windows Components with embedded space needs to be enclose in quotes.


We were able to mitigate (work around and create a script that will detect and re-create the path  enclose in quote. I was wondering if Cisco have knowledge of the existing vulnerability in their products and if they have released a patch to remediate the problem.



Thank you for your attention, Please if any assistant is needed please call me or email for the final assessment conducted by Cisco.




Cisco Employee

This version of Cisco Secure

This version of Cisco Secure ACS is already End of life and End of support. Over the period of time, unsupported systems may become vulnerable, due to lack of upgrades and old/unsupported software codes.

The usual response you may get is to upgrade to latest versions of software which are not end of engineering support and you can get regular updates on any vulnerabilities.



-Thanks Vinod **Rating Encourages contributors, and its really free. **
Community Member

so the question is where I

so the question is where I could find out if your latest version will take care of this vulnerability. If won't do any good if your latest software does not address the issue in hand. Can you help me find out the documentation of your latest release?


СоздатьДля создания публикации, пожалуйста в систему