Intrusion Prevention



It indicates an attempt to exploit a Denial of Service vulnerability in some versions of CiscoSecure ACS for Windows NT.
The vulnerability is due to an error when handling a malformed HTTP GET requests on the telnet port. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.

Affected Products

Cisco CBOS 2.3.8
Cisco CBOS 2.3.7
Cisco CBOS 2.3.5
Cisco CBOS 2.3.2
Cisco CBOS 2.3
Cisco CBOS 2.2.1 a
Cisco CBOS 2.2.1
Cisco CBOS 2.2
Cisco CBOS 2.1 a
Cisco CBOS 2.1
Cisco CBOS 2.0.1


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest version.