Cisco has fixed a critical vulnerability that could expose servers to remote hackers. Cisco removed this bug from its Access Control Server (ACS) after receiving reports from Positive Technologies.
Positive Technologies Found Critical Cisco ACS Vulnerability
As reported on Thursday by Positive Technologies, two of their experts detected a critical bug in Cisco’s ACS that could allow hackers to access users’ credentials and further exploit a LAN. The experts, Mikhail Klyuchnikov and Yury Aleynov, found this bug in the web interface of Cisco’s Access Control System (ACS).
The vulnerability, CVE-2018-0253, has received a CVSS v3.0 score of 9.8 out of 10. Any attacker already present on the network can leverage this flaw to access the credentials of users, or to attack other resources across the internal network. Moreover, a hacker could even perform man-in-the-middle attacks through this bug. What’s more alarming is that the flaw could allow a hacker to perform these actions from any part of the world if the attacker succeeds in accessing the web interface of Cisco ACS externally.
Mikhail Klyuchnikov explains the possible consequences of this vulnerability.
“If Cisco ACS is integrated with Microsoft Active Directory—an attacker can steal the credentials of the domain administrator.”
He further says that, even without Active Directory integration, an attacker can perform malicious activities by controlling firewalls and routers. The problem stems from incorrect handling of AMF3 messages by the server. An attacker can place a malicious serialized Java object into AMF3 (a binary format used in Python, Flash, Perl, and Java). When the server deserializes this object, it loads the malicious code.
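The bug class described above is deserialization of untrusted Java objects with no restriction on which classes may be created. The following is an added example, not code from Cisco or Positive Technologies and not Cisco's actual fix: it shows the standard Java 9+ defence, an allowlist `ObjectInputFilter`, applied to Java native serialization rather than to an AMF3 library. The class names `FilteredDeserialization` and `Unexpected` and the contents of the allowlist are assumptions made for the demonstration.

```java
import java.io.*;
import java.util.ArrayList;

public class FilteredDeserialization {
    // Allowlist in JEP 290 pattern syntax: permit only the listed classes, cap the
    // graph size, and reject everything else ("!*"). The class list is an assumption
    // for this demo; a real service would list its own message types.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "java.util.ArrayList;java.lang.String;java.lang.Object;"
            + "maxdepth=5;maxrefs=100;maxbytes=4096;!*");

    // Hypothetical stand-in for any class the service never expects to receive.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Deserialize untrusted bytes with the filter installed before readObject() runs,
    // so a class outside the allowlist is rejected before it is instantiated.
    static Object readUntrusted(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOWLIST);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an expected message type passes the filter.
        ArrayList<String> expected = new ArrayList<>();
        expected.add("hello");
        System.out.println("allowed: " + readUntrusted(serialize(expected)));

        // Constructed sample input: a class outside the allowlist is refused.
        try {
            readUntrusted(serialize(new Unexpected()));
            System.out.println("unexpected class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```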
Cisco Fixed A Critical Bug Shortly After Being Notified
After the PT experts informed Cisco about this bug, Cisco was quick to fix the issue. A Cisco spokesperson told ZDNet that the ‘company does not expand on vulnerabilities’. Yet, he confirmed the report by Positive Technologies.
The Cisco spokesperson provided assurance that there have so far been no reports of any malicious exploitation of this vulnerability.