The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote malicious users to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco guard 5.0\\(1\\) |
||
cisco guard 5.0\\(3\\) |
||
cisco traffic anomaly detector module 5.0\\(1\\) |
||
cisco traffic anomaly detector module 5.0\\(3\\) |
||
cisco anomaly guard module 5.0\\(1\\) |
||
cisco anomaly guard module 5.0\\(3\\) |