Check Point Advisories

Update Protection against Cisco Secure Access Control Server UCP Application CSuserCGI.exe Buffer Overflow Vulnerability

Check Point Reference: CPAI-2008-131
Date Published: 9 May 2008
Severity: High
Last Updated: Wednesday 06 August, 2008
Source: Secunia Advisory: SA29351
Industry Reference: CVE-2008-0532
Protection Provided by:
Who is Vulnerable? Cisco Systems UCP Prior to 4.2
Vulnerability Description: A buffer overflow vulnerability has been discovered in the Cisco User-Changeable Password (UCP) application. The Cisco UCP application is used by Cisco Secure Access Control Server (ACS). It allows users to change their ACS passwords with a web-based utility. A remote attacker may exploit this issue to execute arbitrary code on a target system.
Update/Patch Available: Update to version 4.2.
Vulnerability Details: The vulnerability is due to the Cisco UCP application failing to sufficiently validate input in the executable file CSuserCGI.exe. A remote attacker may exploit this issue by sending a malicious request to a target server. By providing a large argument in the request sent to the server, a successful attacker can execute arbitrary code on a vulnerable system.
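
A defensive log check for the condition described above, as an added example that is not part of the Check Point advisory: it flags access-log requests to CSuserCGI.exe whose longest argument exceeds a limit. The 256-byte limit, the Common Log Format input and the sample lines (including the `/example-cgi/` path and the argument names) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_to_bytes

MAX_ARG_BYTES = 256          # assumption: tunable limit, not a value from the advisory
TARGET = "csusercgi.exe"     # executable named in the advisory, compared case-insensitively

# Common Log Format: client ... "METHOD target PROTOCOL" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def longest_argument(query):
    """Byte length of the longest percent-decoded argument in a CGI query string."""
    parts = re.split(r"[+&;=]", query)   # '+' separates argv-style CGI arguments
    return max((len(unquote_to_bytes(p)) for p in parts), default=0)

def flag_oversized(lines, limit=MAX_ARG_BYTES):
    """Return (client, longest_argument_bytes, status) for suspicious requests."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # not a parseable access-log line
        url = urlsplit(m["target"])
        if unquote(url.path).rsplit("/", 1)[-1].lower() != TARGET:
            continue                      # request is for some other resource
        size = longest_argument(url.query)
        if size > limit:
            findings.append((m["client"], size, m["status"]))
    return findings

# Constructed sample lines (addresses, path, arguments and statuses are invented).
_FMT = '{} - - [09/May/2008:10:00:00 +0000] "GET {} HTTP/1.0" {} 0'
SAMPLE_LOG = [
    _FMT.format("192.0.2.10", "/example-cgi/CSuserCGI.exe?view+user1", 200),
    _FMT.format("198.51.100.7", "/example-cgi/CSuserCGI.exe?view+" + "A" * 600, 500),
    _FMT.format("192.0.2.11", "/index.html?q=" + "B" * 600, 200),
    _FMT.format("203.0.113.5", "/example-cgi/cSuSeRcGi.EXE?x=" + "%41" * 300, 500),
    "garbled line without a request field",
]

if __name__ == "__main__":
    for client, size, status in flag_oversized(SAMPLE_LOG):
        print(f"{client}: {size}-byte argument to CSuserCGI.exe (status {status})")
```

Arguments are measured after percent-decoding, so an encoded request is sized by the bytes the CGI would actually receive rather than by its length in the log.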

Protection Overview
