Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability identified in the Avocent Cyclades ACS Web Manager. The Avocent Advanced Console Server, or ACS, is a series of devices which provide remote management needs for medium to large data centers. All ACS devices come with a web management console that provides easy configuration for administrators.
The vulnerability was discovered by Martin Murfitt, who is a member of the SpiderLabs EMEA Penetration Testing team. Martin discovered a way to bypass authentication on the web console, which allowed him to view security settings on the device. Dynamic content was not generated using this technique, so changes to the device were not possible. Avocent has released a patch to this vulnerability as of March 10, 2011. The patch link (Version 3.3.0-6) can be seen below:
http://www.avocent.com/Support_Firmware/ACS/ACS_Advanced_Console_Servers.aspx
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.