RADIUS ACLs Vulnerability in Cisco PIX and VPN 3000 Concentrators
CVE-2005-4499

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn 3001 Concentrator; Vpn 3015 Concentrator; Vpn 3020 Concentrator; Vpn 3030 Concentator
Vendor: CVE Published:; 22 December 2005

Summary

The Downloadable RADIUS ACLs feature within Cisco PIX and VPN 3000 concentrators has a significant flaw that enables remote attackers to gain administrative privileges. When an Access Control List (ACL) is created through the Cisco Secure Access Control Server (CS ACS), a random internal name is generated that inadvertently serves as a hidden username and password. Attackers can intercept the username via the unencrypted text of a RADIUS session and exploit the random password to access other devices integrated with CS ACS, compromising security and network integrity. Implementing strict controls and deploying updates are recommended to mitigate this risk.

References

http://www.securityfocus.com/archive/1/420020/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/16025

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/products/sw/secursw/ps2086/pro...

x_refsource_MISC

Timeline

Vulnerability published
Dec 22, 2005
Vulnerability Reserved
Dec 22, 2005