Cisco has released Security Advisory cisco-sa-20080312-ucp to address multiple vulnerabilities in the Cisco Secure Access Control Server for Windows User-Changeable Password (UCP) application. These vulnerabilities are due to buffer overflow conditions and improper sanitization of input passed to CSuserCGI.exe. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code.

US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080312-ucp and apply any necessary updates.

US-CERT will provide more information as it becomes available.