Vulnslist

Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability

Cisco-SA-20121107-CVE-2012-5424 · Medium · Published 13 years ago · Updated 13 years ago

Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication services offered by the affected application. The vulnerability is due to improper validation of user-supplied input processed by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending a special sequence of characters when prompted for a targeted user's password. Successful exploitation could allow the attacker to gain unauthorized access to any system that uses TACACS+  and relies on the authentication service provided by the affected software in the networking environment. Cisco has confirmed this vulnerability and software updates are available. A successful exploit requires an attacker to know a valid username stored in the LDAP external identity store. If valid usernames have been compromised, the attacker can impersonate only those users. Administrators may consider using role-based access controls (RBAC) for users in the environment to help protect network resources in the event of a successful exploit. In addition, an attacker would likely need access to an internal, trusted network in which a targeted device may reside, decreasing the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Related Products