Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-0607

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

Published

2015-03-06T03:00:13.470

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-287
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios 15.4\(1\)t Yes
Operating System cisco ios 15.4\(1\)t1 Yes
Operating System cisco ios 15.4\(1\)t2 Yes
Operating System cisco ios 15.4\(1\)t3 Yes
Operating System cisco ios 15.4\(1\)t4 Yes
Operating System cisco ios 15.4\(2\)t Yes
Operating System cisco ios 15.4\(2\)t1 Yes
Operating System cisco ios 15.4\(2\)t2 Yes
Operating System cisco ios 15.4\(2\)t3 Yes
Operating System cisco ios 15.4\(100\)t Yes
Operating System cisco ios 15.4t Yes
References