The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a tacacs-server host command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Anomaly_guard_module | Cisco | 5.0(1) (including) | 5.0(1) (including) |
Anomaly_guard_module | Cisco | 5.0(3) (including) | 5.0(3) (including) |
Guard | Cisco | 5.0(1) (including) | 5.0(1) (including) |
Guard | Cisco | 5.0(3) (including) | 5.0(3) (including) |
Traffic_anomaly_detector_module | Cisco | 5.0(1) (including) | 5.0(1) (including) |
Traffic_anomaly_detector_module | Cisco | 5.0(3) (including) | 5.0(3) (including) |