Workarounds for this vulnerability include general recommendations of
protecting the Cisco Secure ACS for Unix with strong firewalls, access
controls, and preventing any external or unauthenticated access to the system,
and to port 9090 in particular. This is an interim workaround only, and a patch
or upgrade is recommended.
For this issue, a patch is available which may be installed in place of
an upgrade. The patch is available at the following temporary location:
For any assistance with the patch, please contact the TAC. This patch
fixes the security problem with the Acme.server. It includes the modified files
provided by Acme. This patch can be applied for any supported version of Cisco
Secure, that is, CiscoSecure/Unix 2.3(3) or later. The patch consists of one
To install the patch, follow the instructions below. The commands need
to be executed on your Cisco Secure ACS Unix by the administrator.
Stop Cisco Secure by entering the command:
Change to the base directory where Cisco Secure is installed.
Copy the compressed tar file Acme-Patch.tar.Z into the current
Uncompress and untar the file.
tar xvf Acme-Patch.tar
Start Cisco Secure with the command: