Vulnerabilities > CVE-2006-0764 - Products TACACS+ Authentication Bypass vulnerability in Cisco products

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

cisco

NVD

Published: 2006-02-18

Updated: 2017-07-20

Summary

The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.

Vulnerable Configurations

Part	Description	Count
Hardware	Cisco Cisco Anomaly Guard Module 5.0\(1\) Cisco Anomaly Guard Module 5.0\(3\) Cisco Guard 5.0\(1\) Cisco Guard 5.0\(3\) Cisco Traffic Anomaly Detector Module 5.0\(1\) Cisco Traffic Anomaly Detector Module 5.0\(3\)	6

References

http://secunia.com/advisories/18904
http://securityreason.com/securityalert/435
http://securitytracker.com/id?1015637
http://securitytracker.com/id?1015638
http://www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml
http://www.osvdb.org/23237
http://www.securityfocus.com/bid/16661
http://www.vupen.com/english/advisories/2006/0612
https://exchange.xforce.ibmcloud.com/vulnerabilities/24689