Back to search
CVE-2015-0607
Published: Mar 6, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
72794
vdb-entry
x_refsource_BID
1031817
vdb-entry
x_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertId=37711
x_refsource_CONFIRM
20150226 Cisco IOS Software Authentication Proxy Bypass Vulnerability
vendor-advisory
x_refsource_CISCO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now