Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0764

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0764
Last Modified 07 Mar 2011 09:30:46
Published 17 Feb 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0764

Summary

The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.

Vulnerable Systems


References

XF - cisco-tacacs-auth-bypass(24689)

VUPEN - ADV-2006-0612

BID - 16661

CISCO - 20060215 TACACS+ Authentication Bypass in Cisco Anomaly Detection and Mitigation Products

OSVDB - 23237

SECTRACK - 1015638

SECTRACK - 1015637

SREASON - 435

SECUNIA - 18904


Last Updated: 27 May 2016 10:41:47