Cisco IOS Software Authentication Proxy Bypass Vulnerability

A vulnerability in the Authentication Proxy feature of Cisco IOS Software could allow a remote attacker to bypass the authentication.

The vulnerability is due to the incorrect processing of unsupported Authentication, Authorization, and Accounting (AAA) return codes from the AAA feature by the Authentication Proxy. An attacker could exploit this vulnerability by, for example, connecting with an empty password and hoping that the AAA server (RADIUS or TACACS+) will reply to Cisco IOS with a code that is not supported by the Authentication Proxy feature.

Cisco has confirmed the vulnerability in a security notice and released software updates.

A successful exploit could allow the attacker the ability to authenticate to a targeted device by using a blank password, which could allow the attacker the ability to conduct further attacks.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.