CVE-2008-0532

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine versions prior to 4.2

Description The issue is related to multiple buffer overflows in the securecgi-bin/CSuserCGI.exe component of the User-Changeable Password (UCP) feature. This allows remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument.

Recommendations For versions prior to 4.2, update to version 4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the securecgi-bin/CSuserCGI.exe component to minimize the risk of exploitation.