PT-2017-3756 · Cisco · Cisco Secure Access Control System

Mikhail Klyuchnikov +2 · Published 2017-06-01 · Updated 2019-10-09 · CVE-2018-0253

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Secure Access Control System (ACS) versions prior to 5.8 Patch 7
Description: A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. The issue is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this by sending a crafted AMF message that contains malicious code to a targeted user, allowing the execution of arbitrary commands on the ACS device.
Recommendations: For versions prior to 5.8 Patch 7, update to Release 5.8 Patch 7 or later to resolve the issue. As a temporary workaround, consider restricting access to the AMF protocol to minimize the risk of exploitation. Avoid using the AMF protocol until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-00313
CVE-2018-0253

Affected Products

Cisco Secure Access Control System