Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability

cisco-sa-20121107-acs · Medium · Published · Updated

Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is configured with a Lightweight Directory Access Protocol (LDAP) external identity store. An attacker may exploit this vulnerability by sending a special sequence of characters when prompted for the user password. The attacker would need to know a valid username stored in the LDAP external identity store to exploit this vulnerability, and the exploitation is limited to impersonate only that user. An exploit could allow the attacker to successfully authenticate to any system using TACACS+ in combination with an affected Cisco Secure ACS. Cisco has released software updates that address this vulnerability. There are no workarounds for this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs

Cisco advisory · CSAF JSON

Workarounds

There is no workaround for this vulnerability. If possible, disable anonymous
binding on the LDAP external identity store or use Active Directory external
identity store to help prevent exploitation of this vulnerability.

CVEsCVE-2012-5424
Cisco Bug IDsCSCuc65634
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Secure Access Control System (ACS)

Related Products

Product CVE Evidence
Cisco Secure Access Control System (ACS) CVE-2012-5424 Cisco OpenVuln