Vulnerabilities > CVE-2006-0764 - Products TACACS+ Authentication Bypass vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 6 |
References
- http://secunia.com/advisories/18904
- http://securityreason.com/securityalert/435
- http://securitytracker.com/id?1015637
- http://securitytracker.com/id?1015638
- http://www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml
- http://www.osvdb.org/23237
- http://www.securityfocus.com/bid/16661
- http://www.vupen.com/english/advisories/2006/0612
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24689