Lucene search

PRIOn knowledge basePRION:CVE-2006-0764

HistoryFeb 18, 2006 - 2:02 a.m.

Authentication flaw

2006-02-1802:02:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.4%

JSON

The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a “tacacs-server host” command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.

CPENameOperatorVersion
anomaly_guard_moduleeq5.1.0
anomaly_guard_moduleeq5.3.0
guardeq5.3.0
guardeq5.1.0
traffic_anomaly_detector_moduleeq5.3.0
traffic_anomaly_detector_moduleeq5.1.0

Name	Operator	Version
anomaly_guard_module	eq	5.1.0
anomaly_guard_module	eq	5.3.0
guard	eq	5.3.0
guard	eq	5.1.0
traffic_anomaly_detector_module	eq	5.3.0
traffic_anomaly_detector_module	eq	5.1.0

References

secunia.com/advisories/18904

securityreason.com/securityalert/435

securitytracker.com/id?1015637

securitytracker.com/id?1015638

www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml

www.osvdb.org/23237

www.securityfocus.com/bid/16661

www.vupen.com/english/advisories/2006/0612

exchange.xforce.ibmcloud.com/vulnerabilities/24689

7.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.4%

JSON

Related for PRION:CVE-2006-0764