Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-0607
HistoryMar 06, 2015 - 3:00 a.m.

CVE-2015-0607

2015-03-0603:00:13
CWE-287
[email protected]
web.nvd.nist.gov
2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.6%

JSON

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

Affected configurations

Nvd
Node
ciscoiosMatch15.4\(1\)t
OR
ciscoiosMatch15.4\(1\)t1
OR
ciscoiosMatch15.4\(1\)t2
OR
ciscoiosMatch15.4\(1\)t3
OR
ciscoiosMatch15.4\(1\)t4
OR
ciscoiosMatch15.4\(2\)t
OR
ciscoiosMatch15.4\(2\)t1
OR
ciscoiosMatch15.4\(2\)t2
OR
ciscoiosMatch15.4\(2\)t3
OR
ciscoiosMatch15.4\(100\)t
OR
ciscoiosMatch15.4t
VendorProductVersionCPE
ciscoios15.4(1)tcpe:2.3:o:cisco:ios:15.4\(1\)t:*:*:*:*:*:*:*
ciscoios15.4(1)t1cpe:2.3:o:cisco:ios:15.4\(1\)t1:*:*:*:*:*:*:*
ciscoios15.4(1)t2cpe:2.3:o:cisco:ios:15.4\(1\)t2:*:*:*:*:*:*:*
ciscoios15.4(1)t3cpe:2.3:o:cisco:ios:15.4\(1\)t3:*:*:*:*:*:*:*
ciscoios15.4(1)t4cpe:2.3:o:cisco:ios:15.4\(1\)t4:*:*:*:*:*:*:*
ciscoios15.4(2)tcpe:2.3:o:cisco:ios:15.4\(2\)t:*:*:*:*:*:*:*
ciscoios15.4(2)t1cpe:2.3:o:cisco:ios:15.4\(2\)t1:*:*:*:*:*:*:*
ciscoios15.4(2)t2cpe:2.3:o:cisco:ios:15.4\(2\)t2:*:*:*:*:*:*:*
ciscoios15.4(2)t3cpe:2.3:o:cisco:ios:15.4\(2\)t3:*:*:*:*:*:*:*
ciscoios15.4(100)tcpe:2.3:o:cisco:ios:15.4\(100\)t:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

Related

prion 2
cvelist 1
cve 2
cisco 1
nvd 1
prion
prion
Authentication flaw
2015-03-06 03:00:00
Design/Logic Flaw
2015-02-27 02:59:00
cvelist
cvelist
CVE-2015-0607
2015-03-06 02:00:00
cve
cve
CVE-2015-0607
2015-03-06 03:00:13
CVE-2014-2188
2015-02-27 02:59:00
cisco
cisco
Cisco IOS Software Authentication Proxy Bypass Vulnerability
2015-03-03 21:56:08
nvd
nvd
CVE-2014-2188
2015-02-27 02:59:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.6%

JSON
Related for NVD:CVE-2015-0607
prion2cvelist1cve2cisco1nvd1