Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2015-0607
Last Modified 06 Mar 2015 11:17:32
Published 05 Mar 2015 10:00:13
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0607

Summary

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

Vulnerable Systems

Operating System

  • Cisco IOS 15.4(1)t
  • Cisco IOS 15.4(1)t1
  • Cisco IOS 15.4(1)t2
  • Cisco IOS 15.4(1)t3
  • Cisco IOS 15.4(1)t4
  • Cisco IOS 15.4(100)t
  • Cisco IOS 15.4(2)t
  • Cisco IOS 15.4(2)t1
  • Cisco IOS 15.4(2)t2
  • Cisco IOS 15.4(2)t3
  • Cisco IOS 15.4t


References

SECTRACK - 1031817

BID - 72794

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=37711

CISCO - 20150226 Cisco IOS Software Authentication Proxy Bypass Vulnerability


Last Updated: 27 May 2016 11:07:58