A potentially critical vulnerability has been found in Cisco Systems' Secure Access Control Server (ACS) for Windows servers, which is used to control devices such as routers in large networks.

The buffer overflow glitch may allow an attacker to seize control of the Cisco service, when running on Windows. The Unix variant is not affected.

Exploitation of the flaw could result in a malicious hacker gaining full control of a target company's security infrastructure, leaving them completely exposed, should they be using ACS to control it.

The ACS system is used to control routers, firewalls, VPNs, VoIP systems, wireless networks, as well as to provision access policies to users.

-Cisco Secure ACS offers centralised command and control for all user authentication, authorisation, and accounting from a Web-based, graphical interface," the company's Web site says.

Cisco has released an advisory that outlines the flaw.

-Exploitation of this vulnerability results in a denial of service, and can potentially result in system administrator access. Cisco is providing repaired software, and customers are recommended to install patches or upgrade at their earliest opportunity," the advisory said.

An exploit for the vulnerability is not known to be circulating, and ACS servers are ideally deployed on network segments with limited physical access.

The flaw was found by researchers at China-based NSFOCUS. It is yet to release an advisory of its own.

Administrators of ACS systems can block TCP port 2002 until they can deploy the fix, which has been developed by Cisco.

-Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide Web site," the advisory states.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.