Executive Summary

Title Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Name cisco-sa-20121107-acs First vendor Publication 2012-11-07
Vendor Cisco Last vendor Modification 2012-11-07
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS +based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is configured with a Lightweight Directory Access Protocol (LDAP) external identity store.

An attacker may exploit this vulnerability by sending a special sequence of characters when prompted for the user password. The attacker would need to know a valid username stored in the LDAP external identity store to exploit this vulnerability, and the exploitation is limited to impersonate only that user. An exploit could allow the attacker to successfully authenticate to any system using TACACS+ in combination with an affected Cisco Secure ACS.

Cisco has released free software updates that address this vulnerability.

There are no workarounds for this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlCahBgACgkQUddfH3/BbTry0gD+ODX/mW0lFysJb+ga9d8hSJib y3Nt7PWArjcjgBBfV6cA/3xq5kIJ57XxuNw63zIaTpay5N+sUNLDJ37bdjxu+hTf =GL1C END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Application 4

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-11-15 IAVM : 2012-B-0113 - Cisco Secure Access Control System (ACS) Authentication Bypass Vulnerability
Severity : Category I - VMSKEY : V0034958

Nessus® Vulnerability Scanner

Date Description
2013-07-30 Name : The remote host is missing a vendor-supplied security patch.
File : cisco-sa-20121107-acs.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 10:22:07
  • Multiple Updates
2013-11-11 12:37:31
  • Multiple Updates
2013-02-06 19:08:02
  • Multiple Updates
2012-11-07 21:18:06
  • First insertion