Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
Software | From | Fixed in |
---|---|---|
cisco / acs_solution_engine | - | - |
cisco / user_changeable_password | 4.1 | 4.1.x |
cisco / acs_for_windows | - | - |