Dec 22, 2005 - 11:03 a.m.

CVE-2005-4499

2005-12-22 11:03:00
mitre
web.nvd.nist.gov
45
cisco
pix
vpn
concentrators
radius
acl
vulnerability
cs acs
nvd

CVSS2: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.4
Confidence: Low

EPSS: 0.013
Percentile: 86.1%

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.

Affected configurations

NVD

Node

Any of (OR):

cisco vpn_3001_concentrator
cisco vpn_3015_concentrator
cisco vpn_3020_concentrator
cisco vpn_3030_concentator
cisco vpn_3060_concentrator
cisco vpn_3080_concentrator
cisco adaptive_security_appliance_software, matching versions: 7.0, 7.0(4), 7.0.1.4, 7.0.4.3
cisco vpn_3000_concentrator_series_software, matching versions: 2.0, 2.5.2.a, 2.5.2.b, 2.5.2.c, 2.5.2.d, 2.5.2.f, 3.0, 3.0.3.a, 3.0.3.b, 3.0.4, 3.1, 3.1(rel), 3.1.1, 3.1.2, 3.1.4, 3.5(rel), 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.6, 3.6.1, 3.6.3, 3.6.5, 3.6.7, 3.6.7.a, 3.6.7.b, 3.6.7.c, 3.6.7.d, 3.6.7.f, 3.6.7d, 4.0, 4.0.1, 4.0.2, 4.0.5.b, 4.1.5.b, 4.1.7.a, 4.1.7.b, 4.7.1, 4.7.1.f
cisco vpn_3005_concentrator_software, matching versions: 4.0.1
cisco vpn_3030_concentator, matching versions: 4.7.1, 4.7.1.f

AND any of (OR):

cisco pix_asa_ids
cisco pix_firewall, matching versions: 6.2.2_.111, 6.2.3_(110), 6.3.3_(133)
cisco secure_access_control_server
cisco secure_access_control_server, matching versions: 2.0 (unix), 2.1 (windows_nt), 2.3 (unix), 2.3 (windows_nt), 2.3.5.1 (unix), 2.3.6.1 (unix), 2.4 (windows_nt), 2.5 (windows_nt), 2.6 (windows_nt), 2.6.2 (windows_nt), 2.6.3 (windows_nt), 2.6.4 (windows_nt), 2.42 (windows_nt), 3.0, 3.0 (windows_nt), 3.0.1 (windows_nt), 3.0.3 (windows_nt), 3.1, 3.1.1 (windows_nt), 3.2, 3.2 (windows_server), 3.2(1), 3.2(1.20), 3.2(2), 3.2(3), 3.2.1, 3.2.2, 3.3, 3.3(1), 3.3.1, 3.3.2
cisco vpn_3002_hardware_client
cisco pix_firewall_501
cisco pix_firewall_506
cisco pix_firewall_515
cisco pix_firewall_515e
cisco pix_firewall_520
cisco pix_firewall_525
cisco pix_firewall_535
cisco pix_firewall
cisco pix_firewall_software, matching versions: 2.7, 3.0, 3.1, 4.0, 4.1(6), 4.1(6b), 4.2, 4.2(1), 4.2(2), 4.2(5), 4.3, 4.4, 4.4(4), 4.4(7.202), 4.4(8), 5.0, 5.1, 5.1(4), 5.1(4.206), 5.2, 5.2(1), 5.2(2), 5.2(3.210), 5.2(5), 5.2(6), 5.2(7), 5.2(9), 5.3, 5.3(1), 5.3(1.200), 5.3(2), 5.3(3), 6.0, 6.0(1), 6.0(2), 6.0(3), 6.0(4), 6.0(4.101), 6.1, 6.1(1), 6.1(2), 6.1(3), 6.1(4), 6.1(5), 6.1.5(104), 6.2, 6.2(1), 6.2(2), 6.2(3), 6.2(3.100), 6.3, 6.3(1), 6.3(2), 6.3(3), 6.3(3.102), 6.3(3.109), 6.3(5)

Vendor  Product  Version  CPE
cisco  vpn_3001_concentrator  *  cpe:2.3:h:cisco:vpn_3001_concentrator:*:*:*:*:*:*:*:*
cisco  vpn_3015_concentrator  *  cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*
cisco  vpn_3020_concentrator  *  cpe:2.3:h:cisco:vpn_3020_concentrator:*:*:*:*:*:*:*:*
cisco  vpn_3030_concentator  *  cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*
cisco  vpn_3060_concentrator  *  cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*
cisco  vpn_3080_concentrator  *  cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*
cisco  adaptive_security_appliance_software  7.0  cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*
cisco  adaptive_security_appliance_software  7.0(4)  cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(4\):*:*:*:*:*:*:*
cisco  adaptive_security_appliance_software  7.0.1.4  cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:*
cisco  adaptive_security_appliance_software  7.0.4.3  cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.3:*:*:*:*:*:*:*