Security Advisory

CVE-2015-0607

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-03-06 02:00:00

Last updated 2024-08-06 04:17:32

Assigner cisco

State PUBLISHED

Description

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

← Browse all CVEs View on cve.org ↗