CVE-2006-0764

Sažetak

The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.

Reference

http://secunia.com/advisories/18904
http://securityreason.com/securityalert/435
http://securitytracker.com/id?1015637
http://securitytracker.com/id?1015638
http://www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml
http://www.osvdb.org/23237
http://www.securityfocus.com/bid/16661
http://www.vupen.com/english/advisories/2006/0612
https://exchange.xforce.ibmcloud.com/vulnerabilities/24689

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2017 - 01:30

Objavljeno

18-02-2006 - 02:02