The vulnerability described in this advisory is fixed in version 3.3.2
of the Cisco Secure ACS for Windows software and of the Cisco Secure ACS
Solution Engine. If you are currently running the identified vulnerable
software and are using EAP-TLS, you should obtain fixed software, as detailed
If you are running Cisco Secure ACS for Windows, you can either upgrade
to version 3.3.2 or just replace the current
CSCRL.dll Windows Dynamic Link Library (DLL) in the
Windows System32 folder with a fixed DLL and restart Cisco Secure ACS for
Windows. Replacing the DLL fixes the problem and does not require a full
The DLL fix can be downloaded from
The file name is
accompanying Readme file (available from the same
location) contains detailed installation instructions.
If you are using the Cisco Secure ACS Solution Engine, you can also
upgrade to version 3.3.2 or run an upgrade package to replace the affected DLL
(an upgrade package is needed because there is no access to the System32
directory when using the ACS Solution Engine).
The upgrade package for the DLL fix can be downloaded from
The file name is CSCef62913-fix-ACSSE-v220.127.116.11.zip.
The accompanying Readme file (available from the
same location) contains detailed installation instructions.
Either upgrade method, a full upgrade to version 3.3.2 or just an
upgrade of the affected DLL, is provided free of charge.