CVE-2015-0607 - OpenCVE

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Ios

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios:15.4\(1\)t:::::::*
	cpe:2.3:o:cisco:ios:15.4\(1\)t1:::::::*
	cpe:2.3:o:cisco:ios:15.4\(1\)t2:::::::*
	cpe:2.3:o:cisco:ios:15.4\(1\)t3:::::::*
	cpe:2.3:o:cisco:ios:15.4\(1\)t4:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t1:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t2:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t3:::::::*
	cpe:2.3:o:cisco:ios:15.4\(100\)t:::::::*
	cpe:2.3:o:cisco:ios:15.4t:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=37711	Vendor Advisory
http://www.securityfocus.com/bid/72794
http://www.securitytracker.com/id/1031817

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2015-03-06T02:00:00

Updated: 2015-03-06T01:57:01

Reserved: 2015-01-07T00:00:00

Link: CVE-2015-0607

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-03-06T03:00:13.470

Modified: 2015-03-06T16:17:32.077

Link: CVE-2015-0607

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-06T01:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "72794", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72794"}, {"name": "1031817", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031817"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711"}, {"name": "20150226 Cisco IOS Software Authentication Proxy Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0607", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "72794", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72794"}, {"name": "1031817", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031817"}, {"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711"}, {"name": "20150226 Cisco IOS Software Authentication Proxy Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0607", "datePublished": "2015-03-06T02:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2015-03-06T01:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t:*:*:*:*:*:*:*", "matchCriteriaId": "A0B856BB-0FFE-4A92-9CE7-D71B6C611CD3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t1:*:*:*:*:*:*:*", "matchCriteriaId": "C1EE552E-226C-46DE-9861-CB148AD8FB44", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t2:*:*:*:*:*:*:*", "matchCriteriaId": "CAF02C8E-9BB2-4DC2-8BF1-932835191F09", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t3:*:*:*:*:*:*:*", "matchCriteriaId": "2C1B86D1-344A-470D-8A35-BD8A9ABE9D9A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t4:*:*:*:*:*:*:*", "matchCriteriaId": "C5AC88EB-7A67-4CDE-9C69-94734966E677", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t:*:*:*:*:*:*:*", "matchCriteriaId": "74E1226B-46CF-4C82-911A-86C818A75DFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t1:*:*:*:*:*:*:*", "matchCriteriaId": "100DA24F-464E-4273-83DF-6428D0ED6641", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t2:*:*:*:*:*:*:*", "matchCriteriaId": "063C0C47-25EB-4AA4-9332-8E43CD60FF39", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t3:*:*:*:*:*:*:*", "matchCriteriaId": "A6004A94-FF96-4A34-B3CC-D4B4E555CFB4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(100\\)t:*:*:*:*:*:*:*", "matchCriteriaId": "844CB97B-B6DE-44E5-B1DD-EA4976E58A84", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4t:*:*:*:*:*:*:*", "matchCriteriaId": "512D35A9-14FB-4797-88F1-AAE6F1232057", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016."}, {"lang": "es", "value": "La caracter\u00edstica Authentication Proxy en Cisco IOS no maneja correctamente los c\u00f3digos de retorno AAA inv\u00e1lidos de los servidores RADIUS y TACACS+, lo que permite a atacantes remotos evadir la autenticaci\u00f3n en circunstancias oportunistas a trav\u00e9s de un intento de conexi\u00f3n que provoca un c\u00f3digo inv\u00e1lido, tal y como fue demostrado por un intento de conexi\u00f3n con una contrase\u00f1a en blanco, tambi\u00e9n conocido como Bug IDs CSCuo09400 y CSCun16016."}], "id": "CVE-2015-0607", "lastModified": "2015-03-06T16:17:32.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-06T03:00:13.470", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/72794"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1031817"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}