Executive Summary

Summary
Title: Cisco Policy Suite RADIUS Authentication Bypass Vulnerability

Information
Name: cisco-sa-20180207-cps
Vendor: Cisco
First vendor Publication: 2018-02-07
Last vendor Modification: 2018-02-07
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score: 6.4
Cvss Impact Score: 4.9
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username.

The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

CWE-287: Improper Authentication (100 %)

CPE : Common Platform Enumeration

Type: Application
Count: 3

Alert History

Date Information
2018-03-08 21:24:20
  • Multiple Updates
2018-02-08 12:05:09
  • Multiple Updates
2018-02-07 21:20:03
  • First insertion