http://www.cisco.com/en/US/products/products_security_advisory09186a00802a9d51.shtml
 
> Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server
> Document ID: 61603
 
> Cisco Secure Access Control Server for Windows (ACS Windows)
> Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 
 
These vulnerabilities affected version 3.2 i, 3.2(2) build 15, and 3.2(3).
 
Cisco Secure ACS for UNIX is not affected.
 
Bug ID CSCeb60017 and CSCec66913:
 
A remote user can flood the CSAdmin web-based management interface (tcp/2002) with TCP
connections to cause the ACS Windows and ACS Solution Engine to stop responding to new
connections on that port.  The processing of authentication related requests may also
become unstable and stop responding.  A reboot is required to restore the system to 
normal operations.
 
Bug ID CSCec90317:
 
When Cisco Secure ACS is configured to accept Light Extensible Authentication Protocol 
(LEAP) RADIUS Proxy authentication, the device may crash when processing LEAP 
authentication requests.  A reboot is required.
 
Bug ID CSCed81716:
 
A remote user can authenticate to the system with a blank password if Cisco Secure
ACS is using anonymous bind on a Novell Directory Services (NDS) server.
 
Bug ID CSCef05950:
 
A remote user can spoof the IP address of an authenticated administrative user (that
is using the admininistrative interface on tcp/2002) and access a random port used
by the administrative interface to gain access to the administrative interface without
having to authenticate.
 
Cisco has released the following fixed versions for ACS Windows and ACS Solution Engine:
 
003.002(002.020)
003.002(002.005)
 
Cisco has released the following fixed version for ACS Solution Engine:
 
003.002(003.011)
 
See the Cisco advisory for a patch matrix.