CVE Vulnerabilities

CVE-2005-4499

Published: Dec 22, 2005 | Modified: Aug 11, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.

Affected Software

Name Vendor Start Version End Version
Vpn_3001_concentrator Cisco * *
Vpn_3015_concentrator Cisco * *
Vpn_3020_concentrator Cisco * *
Vpn_3030_concentator Cisco * *
Vpn_3060_concentrator Cisco * *
Vpn_3080_concentrator Cisco * *
Adaptive_security_appliance_software Cisco 7.0 (including) 7.0 (including)
Adaptive_security_appliance_software Cisco 7.0(4) (including) 7.0(4) (including)
Adaptive_security_appliance_software Cisco 7.0.1.4 (including) 7.0.1.4 (including)
Adaptive_security_appliance_software Cisco 7.0.4.3 (including) 7.0.4.3 (including)
Vpn_3000_concentrator_series_software Cisco 2.0 (including) 2.0 (including)
Vpn_3000_concentrator_series_software Cisco 2.5.2.a (including) 2.5.2.a (including)
Vpn_3000_concentrator_series_software Cisco 2.5.2.b (including) 2.5.2.b (including)
Vpn_3000_concentrator_series_software Cisco 2.5.2.c (including) 2.5.2.c (including)
Vpn_3000_concentrator_series_software Cisco 2.5.2.d (including) 2.5.2.d (including)
Vpn_3000_concentrator_series_software Cisco 2.5.2.f (including) 2.5.2.f (including)
Vpn_3000_concentrator_series_software Cisco 3.0 (including) 3.0 (including)
Vpn_3000_concentrator_series_software Cisco 3.0.3.a (including) 3.0.3.a (including)
Vpn_3000_concentrator_series_software Cisco 3.0.3.b (including) 3.0.3.b (including)
Vpn_3000_concentrator_series_software Cisco 3.0.4 (including) 3.0.4 (including)
Vpn_3000_concentrator_series_software Cisco 3.1 (including) 3.1 (including)
Vpn_3000_concentrator_series_software Cisco 3.1(rel) (including) 3.1(rel) (including)
Vpn_3000_concentrator_series_software Cisco 3.1.1 (including) 3.1.1 (including)
Vpn_3000_concentrator_series_software Cisco 3.1.2 (including) 3.1.2 (including)
Vpn_3000_concentrator_series_software Cisco 3.1.4 (including) 3.1.4 (including)
Vpn_3000_concentrator_series_software Cisco 3.5(rel) (including) 3.5(rel) (including)
Vpn_3000_concentrator_series_software Cisco 3.5.1 (including) 3.5.1 (including)
Vpn_3000_concentrator_series_software Cisco 3.5.2 (including) 3.5.2 (including)
Vpn_3000_concentrator_series_software Cisco 3.5.3 (including) 3.5.3 (including)
Vpn_3000_concentrator_series_software Cisco 3.5.4 (including) 3.5.4 (including)
Vpn_3000_concentrator_series_software Cisco 3.5.5 (including) 3.5.5 (including)
Vpn_3000_concentrator_series_software Cisco 3.6 (including) 3.6 (including)
Vpn_3000_concentrator_series_software Cisco 3.6.1 (including) 3.6.1 (including)
Vpn_3000_concentrator_series_software Cisco 3.6.3 (including) 3.6.3 (including)
Vpn_3000_concentrator_series_software Cisco 3.6.5 (including) 3.6.5 (including)
Vpn_3000_concentrator_series_software Cisco 3.6.7 (including) 3.6.7 (including)
Vpn_3000_concentrator_series_software Cisco 3.6.7.a (including) 3.6.7.a (including)
Vpn_3000_concentrator_series_software Cisco 3.6.7.b (including) 3.6.7.b (including)
Vpn_3000_concentrator_series_software Cisco 3.6.7.c (including) 3.6.7.c (including)
Vpn_3000_concentrator_series_software Cisco 3.6.7.d (including) 3.6.7.d (including)
Vpn_3000_concentrator_series_software Cisco 3.6.7.f (including) 3.6.7.f (including)
Vpn_3000_concentrator_series_software Cisco 3.6.7d (including) 3.6.7d (including)
Vpn_3000_concentrator_series_software Cisco 4.0 (including) 4.0 (including)
Vpn_3000_concentrator_series_software Cisco 4.0.1 (including) 4.0.1 (including)
Vpn_3000_concentrator_series_software Cisco 4.0.2 (including) 4.0.2 (including)
Vpn_3000_concentrator_series_software Cisco 4.0.5.b (including) 4.0.5.b (including)
Vpn_3000_concentrator_series_software Cisco 4.1.5.b (including) 4.1.5.b (including)
Vpn_3000_concentrator_series_software Cisco 4.1.7.a (including) 4.1.7.a (including)
Vpn_3000_concentrator_series_software Cisco 4.1.7.b (including) 4.1.7.b (including)
Vpn_3000_concentrator_series_software Cisco 4.7.1 (including) 4.7.1 (including)
Vpn_3000_concentrator_series_software Cisco 4.7.1.f (including) 4.7.1.f (including)
Vpn_3005_concentrator_software Cisco 4.0.1 (including) 4.0.1 (including)
Vpn_3030_concentator Cisco 4.7.1 (including) 4.7.1 (including)
Vpn_3030_concentator Cisco 4.7.1.f (including) 4.7.1.f (including)

References