CVE-2012-5424

Published: 07/11/2012 Updated: 29/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote malicious users to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.

Vulnerable Product

cisco secure access control server 5.1

cisco secure access control server 5.2

cisco secure access control server 5.0

cisco secure access control server 5.3

Vendor Advisories

Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication services offered by the affected application. The vulnerability is due to improper validation of user-supplied input processed by the affected software. An unauthenticated, remote attacker co ...
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is confi ...