7.4 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.5%
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a “tacacs-server host” command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
secunia.com/advisories/18904
securityreason.com/securityalert/435
securitytracker.com/id?1015637
securitytracker.com/id?1015638
www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml
www.osvdb.org/23237
www.securityfocus.com/bid/16661
www.vupen.com/english/advisories/2006/0612
exchange.xforce.ibmcloud.com/vulnerabilities/24689