Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. The newly patched vulnerability is identified as CVE-2013-3466 and received the maximum severity score, 10.0 in the Common Vulnerability Scoring System (CVSS) Cisco has released free software updates that address the vulnerability described in this advisory.
Source: https://thehackernews.com/2013/08/cisco-vulnerability-allows-remote.html