The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a “tacacs-server host” command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
secunia.com/advisories/18904
securityreason.com/securityalert/435
securitytracker.com/id?1015637
securitytracker.com/id?1015638
www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml
www.osvdb.org/23237
www.securityfocus.com/bid/16661
www.vupen.com/english/advisories/2006/0612
exchange.xforce.ibmcloud.com/vulnerabilities/24689