PT-2013-4416 · Cisco · Cisco Secure Access Control Server

Published: 2013-08-29 · Updated: 2016-11-07 · CVE-2013-3466

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Secure Access Control Server (ACS) versions 4.x before 4.2.1.15.11

Description
The issue concerns the EAP-FAST authentication module, which does not properly parse user identities when a RADIUS server configuration is enabled. This allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets.

Recommendations
For versions prior to 4.2.1.15.11, update to version 4.2.1.15.11 or later to resolve the issue. As a temporary workaround, consider disabling the EAP-FAST authentication module until the update can be applied. Restrict access to the RADIUS server configuration to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2013-3466

Affected Products

Cisco Secure Access Control Server