CiscoSecure Access Control Server (CiscoSecure ACS) for UNIX Unauthenticated Database Modification
Remote / Network Access
Loss of Integrity
CiscoSecure Access Control Server (CiscoSecure ACS) for UNIX contains a flaw that may allow a remote attacker to modify the database. The issue is that the database access protocol does not properly authenticate clients. Without authenticating, an attacker can read and write to the server database, including modifying access policies.
Upgrade to version 2.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.