[c-nsp] Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability

[Cisco Systems Product Security Incident Response Team]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Secure Access Control System SQL Injection Vulnerability

Advisory ID: cisco-sa-20150211-csacs

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs

Revision 1.0

For Public Release 2015 February 11 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Secure Access Control System (ACS) prior to version 5.5 patch 7 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access information in the underlying file system.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVNtpuopI1I6i1Mx3AQJ6/A/+JIKuQxiLmALGpAfX04MpmVAEQy5lntFb
4zNxT0JxqOXzXjYaGBC+8e/Ld0SXUi4sCuewQEXHTeEBSEQfyyGjk9tnjmSaMy6z
Qp7lAB/6qZEFHnVLbwhCoAAQiYheIk18jt7fdZM6jJ4sW8mjUx6LmIcPgdURDyQT
bZ8lTvmQNF6c/lBtIdbhxfMjOJYz1i5L5bjM0NrO0HH80jfgD7hYeNO0olROwo9D
ICDRz5w07UQ949/YRLG901UAIOs0Cyodnwy44ERJ3iH0bglvFIdeGyFlfzs0wnpT
/3XiAOJPnun9Uc6HZBbpgb1Y9ojITaxaT+OzOqi0CWG8rRqKyh1i+pO6ucmq3feE
h85uBW2T0cRemgf8zMNI+fH1lLgnhCZ32gxVsOnzreSET11kcecAFkAVWmYwo4sL
PornqaV3tRJDXpAsBVceMfGIhPz8GvFii8ZqaGaF+tCl7KuRtiXYeCOdVWHZMPie
vtfYgB2il/KpB6fy9tGpQ3YmBl3n+T3oOawdIAdMuxhHYm9owZIfk7K9VC2xCbY8
96xhmJFsOZErdP1vlc4HHgUeJGWhzNvdBiPUF+V1JcdqGldA7/92SmXigbDh8Lr/
spMQBnLhuyqV7ghL6zx5HLhlwOH2Ub3dS26Fxm2GeUa1fcAIgd4ME58hSt+T3J2l
pJXLh5SWb0w=
=KXWL
-----END PGP SIGNATURE-----