Cisco IOS AAA RADIUS Long Username Authentication Bypass (CSCee45312)

medium Nessus Plugin ID 20933

Synopsis

The remote Cisco IOS RADIUS server is prone to a remote authentication bypass attack.

Description

The remote host is a CISCO router containing a version of IOS that contains a faulty RADIUS implementation which may lead to an authentication bypass vulnerability.

An attacker may exploit this problem to gain unauthorized access to the service.

Solution

http://www.nessus.org/u?b981b4d9

Plugin Details

Severity: Medium

ID: 20933

File Name: CSCee45312.nasl

Version: 1.17

Type: local

Family: CISCO

Published: 2/17/2006

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/sysDesc, SNMP/community, CISCO/model

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/29/2005

Reference Information

CVE: CVE-2005-2105

BID: 14092

Detections

Analytics