Cisco Releases Security Advisory

Original release date: August 29, 2013

Cisco has released a security advisory to address a vulnerability in Cisco Secure Access Control Server (ACS) versions 4.0 through  This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is only present when Cisco ACS is configured as a RADIUS server.

Cisco has released software updates that address this vulnerability.

US-CERT encourages administrators of this software to review Cisco Security Advisory 20130828-ACS, and follow best practice security policies to determine if their organization is affected and the appropriate response.

This product is provided subject to this Notification and this Privacy & Use policy.

Reposted from US-CERT. Click here to read the original posting.