CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
85.9%
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a “tacacs-server host” command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | anomaly_guard_module | 5.0(1) | cpe:2.3:h:cisco:anomaly_guard_module:5.0\(1\):*:*:*:*:*:*:* |
cisco | anomaly_guard_module | 5.0(3) | cpe:2.3:h:cisco:anomaly_guard_module:5.0\(3\):*:*:*:*:*:*:* |
cisco | guard | 5.0(1) | cpe:2.3:h:cisco:guard:5.0\(1\):*:*:*:*:*:*:* |
cisco | guard | 5.0(3) | cpe:2.3:h:cisco:guard:5.0\(3\):*:*:*:*:*:*:* |
cisco | traffic_anomaly_detector_module | 5.0(1) | cpe:2.3:h:cisco:traffic_anomaly_detector_module:5.0\(1\):*:*:*:*:*:*:* |
cisco | traffic_anomaly_detector_module | 5.0(3) | cpe:2.3:h:cisco:traffic_anomaly_detector_module:5.0\(3\):*:*:*:*:*:*:* |
secunia.com/advisories/18904
securityreason.com/securityalert/435
securitytracker.com/id?1015637
securitytracker.com/id?1015638
www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml
www.osvdb.org/23237
www.securityfocus.com/bid/16661
www.vupen.com/english/advisories/2006/0612
exchange.xforce.ibmcloud.com/vulnerabilities/24689