Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios | Cisco | 12.0xk (including) | 12.0xk (including) |
| Ios | Cisco | 12.0xr (including) | 12.0xr (including) |
| Ios | Cisco | 12.1 (including) | 12.1 (including) |
| Ios | Cisco | 12.1e (including) | 12.1e (including) |
| Ios | Cisco | 12.1ex (including) | 12.1ex (including) |
| Ios | Cisco | 12.1t (including) | 12.1t (including) |
| Ios | Cisco | 12.1xc (including) | 12.1xc (including) |
| Ios | Cisco | 12.1xh (including) | 12.1xh (including) |
| Ios | Cisco | 12.1xi (including) | 12.1xi (including) |
| Ios | Cisco | 12.1xj (including) | 12.1xj (including) |
| Ios | Cisco | 12.1xm (including) | 12.1xm (including) |
| Ios | Cisco | 12.1xp (including) | 12.1xp (including) |
| Ios | Cisco | 12.1xr (including) | 12.1xr (including) |
| Ios | Cisco | 12.1yb (including) | 12.1yb (including) |
| Ios | Cisco | 12.1yd (including) | 12.1yd (including) |
| Ios | Cisco | 12.1yf (including) | 12.1yf (including) |
| Ios | Cisco | 12.1yi (including) | 12.1yi (including) |
| Ios | Cisco | 12.2 (including) | 12.2 (including) |
| Ios | Cisco | 12.2b (including) | 12.2b (including) |
| Ios | Cisco | 12.2bw (including) | 12.2bw (including) |
| Ios | Cisco | 12.2cz (including) | 12.2cz (including) |
| Ios | Cisco | 12.2dd (including) | 12.2dd (including) |
| Ios | Cisco | 12.2ex (including) | 12.2ex (including) |
| Ios | Cisco | 12.2ey (including) | 12.2ey (including) |
| Ios | Cisco | 12.2fz (including) | 12.2fz (including) |
| Ios | Cisco | 12.2ira (including) | 12.2ira (including) |
| Ios | Cisco | 12.2irb (including) | 12.2irb (including) |
| Ios | Cisco | 12.2irc (including) | 12.2irc (including) |
| Ios | Cisco | 12.2ixa (including) | 12.2ixa (including) |
| Ios | Cisco | 12.2ixb (including) | 12.2ixb (including) |
| Ios | Cisco | 12.2ixc (including) | 12.2ixc (including) |
| Ios | Cisco | 12.2ixd (including) | 12.2ixd (including) |
| Ios | Cisco | 12.2ixe (including) | 12.2ixe (including) |
| Ios | Cisco | 12.2ixf (including) | 12.2ixf (including) |
| Ios | Cisco | 12.2ixg (including) | 12.2ixg (including) |
| Ios | Cisco | 12.2s (including) | 12.2s (including) |
| Ios | Cisco | 12.2sbc (including) | 12.2sbc (including) |
| Ios | Cisco | 12.2se (including) | 12.2se (including) |
| Ios | Cisco | 12.2sec (including) | 12.2sec (including) |
| Ios | Cisco | 12.2sed (including) | 12.2sed (including) |
| Ios | Cisco | 12.2see (including) | 12.2see (including) |
| Ios | Cisco | 12.2sef (including) | 12.2sef (including) |
| Ios | Cisco | 12.2seg (including) | 12.2seg (including) |
| Ios | Cisco | 12.2sg (including) | 12.2sg (including) |
| Ios | Cisco | 12.2sga (including) | 12.2sga (including) |
| Ios | Cisco | 12.2sq (including) | 12.2sq (including) |
| Ios | Cisco | 12.2sra (including) | 12.2sra (including) |
| Ios | Cisco | 12.2srb (including) | 12.2srb (including) |
| Ios | Cisco | 12.2src (including) | 12.2src (including) |
| Ios | Cisco | 12.2su (including) | 12.2su (including) |
| Ios | Cisco | 12.2sx (including) | 12.2sx (including) |
| Ios | Cisco | 12.2sxa (including) | 12.2sxa (including) |
| Ios | Cisco | 12.2sxb (including) | 12.2sxb (including) |
| Ios | Cisco | 12.2sxd (including) | 12.2sxd (including) |
| Ios | Cisco | 12.2sxe (including) | 12.2sxe (including) |
| Ios | Cisco | 12.2sxf (including) | 12.2sxf (including) |
| Ios | Cisco | 12.2sxh (including) | 12.2sxh (including) |
| Ios | Cisco | 12.2sxi (including) | 12.2sxi (including) |
| Ios | Cisco | 12.2t (including) | 12.2t (including) |
| Ios | Cisco | 12.2tpc (including) | 12.2tpc (including) |
| Ios | Cisco | 12.2xa (including) | 12.2xa (including) |
| Ios | Cisco | 12.2xb (including) | 12.2xb (including) |
| Ios | Cisco | 12.2xd (including) | 12.2xd (including) |
| Ios | Cisco | 12.2xe (including) | 12.2xe (including) |
| Ios | Cisco | 12.2xg (including) | 12.2xg (including) |
| Ios | Cisco | 12.2xj (including) | 12.2xj (including) |
| Ios | Cisco | 12.2xk (including) | 12.2xk (including) |
| Ios | Cisco | 12.2xl (including) | 12.2xl (including) |
| Ios | Cisco | 12.2xm (including) | 12.2xm (including) |
| Ios | Cisco | 12.2xo (including) | 12.2xo (including) |
| Ios | Cisco | 12.2xq (including) | 12.2xq (including) |
| Ios | Cisco | 12.2xt (including) | 12.2xt (including) |
| Ios | Cisco | 12.2xv (including) | 12.2xv (including) |
| Ios | Cisco | 12.2xw (including) | 12.2xw (including) |
| Ios | Cisco | 12.2ya (including) | 12.2ya (including) |
| Ios | Cisco | 12.2yb (including) | 12.2yb (including) |
| Ios | Cisco | 12.2yc (including) | 12.2yc (including) |
| Ios | Cisco | 12.2ye (including) | 12.2ye (including) |
| Ios | Cisco | 12.2yf (including) | 12.2yf (including) |
| Ios | Cisco | 12.2yh (including) | 12.2yh (including) |
| Ios | Cisco | 12.2yl (including) | 12.2yl (including) |
| Ios | Cisco | 12.2ym (including) | 12.2ym (including) |
| Ios | Cisco | 12.2yn (including) | 12.2yn (including) |
| Ios | Cisco | 12.2yq (including) | 12.2yq (including) |
| Ios | Cisco | 12.2yu (including) | 12.2yu (including) |
| Ios | Cisco | 12.2yv (including) | 12.2yv (including) |
| Ios | Cisco | 12.2yx (including) | 12.2yx (including) |
| Ios | Cisco | 12.2yz (including) | 12.2yz (including) |
| Ios | Cisco | 12.2zd (including) | 12.2zd (including) |
| Ios | Cisco | 12.2zh (including) | 12.2zh (including) |
| Ios | Cisco | 12.2zj (including) | 12.2zj (including) |
| Ios | Cisco | 12.2zl (including) | 12.2zl (including) |
| Ios | Cisco | 12.2zy (including) | 12.2zy (including) |
| Ios | Cisco | 12.2zya (including) | 12.2zya (including) |
| Ios | Cisco | 12.3 (including) | 12.3 (including) |
| Ios | Cisco | 12.3b (including) | 12.3b (including) |
| Ios | Cisco | 12.3jk (including) | 12.3jk (including) |
| Ios | Cisco | 12.3t (including) | 12.3t (including) |
| Ios | Cisco | 12.3tpc (including) | 12.3tpc (including) |
| Ios | Cisco | 12.3va (including) | 12.3va (including) |
| Ios | Cisco | 12.3xa (including) | 12.3xa (including) |
| Ios | Cisco | 12.3xc (including) | 12.3xc (including) |
| Ios | Cisco | 12.3xd (including) | 12.3xd (including) |
| Ios | Cisco | 12.3xe (including) | 12.3xe (including) |
| Ios | Cisco | 12.3xf (including) | 12.3xf (including) |
| Ios | Cisco | 12.3xg (including) | 12.3xg (including) |
| Ios | Cisco | 12.3xk (including) | 12.3xk (including) |
| Ios | Cisco | 12.3xl (including) | 12.3xl (including) |
| Ios | Cisco | 12.3xq (including) | 12.3xq (including) |
| Ios | Cisco | 12.3xr (including) | 12.3xr (including) |
| Ios | Cisco | 12.3xx (including) | 12.3xx (including) |
| Ios | Cisco | 12.3ya (including) | 12.3ya (including) |
| Ios | Cisco | 12.3yd (including) | 12.3yd (including) |
| Ios | Cisco | 12.3yg (including) | 12.3yg (including) |
| Ios | Cisco | 12.3yh (including) | 12.3yh (including) |
| Ios | Cisco | 12.3yi (including) | 12.3yi (including) |
| Ios | Cisco | 12.3yk (including) | 12.3yk (including) |
| Ios | Cisco | 12.3ym (including) | 12.3ym (including) |
| Ios | Cisco | 12.3yt (including) | 12.3yt (including) |
| Ios | Cisco | 12.3yz (including) | 12.3yz (including) |
| Ios | Cisco | 12.4 (including) | 12.4 (including) |
| Ios | Cisco | 12.4mr (including) | 12.4mr (including) |
| Ios | Cisco | 12.4t (including) | 12.4t (including) |
| Ios | Cisco | 12.4xa (including) | 12.4xa (including) |
| Ios | Cisco | 12.4xd (including) | 12.4xd (including) |
| Ios | Cisco | 12.4xe (including) | 12.4xe (including) |
| Ios | Cisco | 12.4xf (including) | 12.4xf (including) |
| Ios | Cisco | 12.4xj (including) | 12.4xj (including) |
| Ios | Cisco | 12.4xk (including) | 12.4xk (including) |
| Ios | Cisco | 12.4xt (including) | 12.4xt (including) |
| Ios | Cisco | 12.4xv (including) | 12.4xv (including) |
| Ios | Cisco | 12.4xw (including) | 12.4xw (including) |
| Ios | Cisco | 12.4xy (including) | 12.4xy (including) |
| Ios | Cisco | 12.4xz (including) | 12.4xz (including) |
| Ios | Cisco | 12.4ya (including) | 12.4ya (including) |
| Ios | Cisco | 12.4yb (including) | 12.4yb (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://osvdb.org/58340
- http://tools.cisco.com/security/center/viewAlert.x?alertId=18882
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.shtml
- http://www.securityfocus.com/bid/36491
- http://www.securitytracker.com/id?1022935
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53453
- http://osvdb.org/58340
- http://tools.cisco.com/security/center/viewAlert.x?alertId=18882
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8132.shtml
- http://www.securityfocus.com/bid/36491
- http://www.securitytracker.com/id?1022935
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53453