Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0607


Vulnerability Score 4.3 4.3
CVE Id CVE-2015-0607
Last Modified 06 Mar 2015 11:17:32
Published 05 Mar 2015 10:00:13
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

Vulnerable Systems

Operating System

  • Cisco Ios 15.4%281%29t

  • Cisco Ios 15.4%281%29t1

  • Cisco Ios 15.4%281%29t2

  • Cisco Ios 15.4%281%29t3

  • Cisco Ios 15.4%281%29t4

  • Cisco Ios 15.4%28100%29t

  • Cisco Ios 15.4%282%29t

  • Cisco Ios 15.4%282%29t1

  • Cisco Ios 15.4%282%29t2

  • Cisco Ios 15.4%282%29t3

  • Cisco Ios 15.4t


SECTRACK - 1031817

BID - 72794


CISCO - 20150226 Cisco IOS Software Authentication Proxy Bypass Vulnerability

Last Updated: 27 May 2016 11:07:58