Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-5424
Last Modified 11 Mar 2013 11:18:00
Published 07 Nov 2012 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5424

Summary

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.

Vulnerable Systems

Application

  • Cisco Secure Access Control Server 5.0

  • Cisco Secure Access Control Server 5.1

  • Cisco Secure Access Control Server 5.2

  • Cisco Secure Access Control Server 5.3


References

CISCO - 20121107 Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability

XF - cisco-acs-sec-bypass(79860)

BID - 56433

SECUNIA - 51194

OSVDB - 87251

SECTRACK - 1027733


Last Updated: 27 May 2016 10:47:22