Cisco Secure Access Control Systems (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+ based authentication service offered by the product.
Cisco has released software updates that address this vulnerability.
US-CERT encourages users and administrators to review the Cisco Security Advisory 20121107-ACS and follow best practice security policies to determine if their organization is affected and the appropriate response.
This product is provided subject to this Notification and this Privacy & Use policy.