CVE-2015-0607 - OpenCVE

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ios

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios:15.4\(1\)t:::::::*
	cpe:2.3:o:cisco:ios:15.4\(1\)t1:::::::*
	cpe:2.3:o:cisco:ios:15.4\(1\)t2:::::::*
	cpe:2.3:o:cisco:ios:15.4\(1\)t3:::::::*
	cpe:2.3:o:cisco:ios:15.4\(1\)t4:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t1:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t2:::::::*
	cpe:2.3:o:cisco:ios:15.4\(2\)t3:::::::*
	cpe:2.3:o:cisco:ios:15.4\(100\)t:::::::*
	cpe:2.3:o:cisco:ios:15.4t:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607
http://tools.cisco.com/security/center/viewAlert.x?alertId=37711
http://www.securityfocus.com/bid/72794
http://www.securitytracker.com/id/1031817

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2015-03-06T02:00:00

Updated: 2024-08-06T04:17:32.833Z

Reserved: 2015-01-07T00:00:00

Link: CVE-2015-0607

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-03-06T03:00:13.470

Modified: 2015-03-06T16:17:32.077

Link: CVE-2015-0607

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-06T01:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "72794", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72794"}, {"name": "1031817", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031817"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711"}, {"name": "20150226 Cisco IOS Software Authentication Proxy Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0607", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "72794", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72794"}, {"name": "1031817", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031817"}, {"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711"}, {"name": "20150226 Cisco IOS Software Authentication Proxy Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:17:32.833Z"}, "title": "CVE Program Container", "references": [{"name": "72794", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72794"}, {"name": "1031817", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031817"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711"}, {"name": "20150226 Cisco IOS Software Authentication Proxy Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0607", "datePublished": "2015-03-06T02:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.833Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t:*:*:*:*:*:*:*", "matchCriteriaId": "A0B856BB-0FFE-4A92-9CE7-D71B6C611CD3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t1:*:*:*:*:*:*:*", "matchCriteriaId": "C1EE552E-226C-46DE-9861-CB148AD8FB44", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t2:*:*:*:*:*:*:*", "matchCriteriaId": "CAF02C8E-9BB2-4DC2-8BF1-932835191F09", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t3:*:*:*:*:*:*:*", "matchCriteriaId": "2C1B86D1-344A-470D-8A35-BD8A9ABE9D9A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)t4:*:*:*:*:*:*:*", "matchCriteriaId": "C5AC88EB-7A67-4CDE-9C69-94734966E677", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t:*:*:*:*:*:*:*", "matchCriteriaId": "74E1226B-46CF-4C82-911A-86C818A75DFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t1:*:*:*:*:*:*:*", "matchCriteriaId": "100DA24F-464E-4273-83DF-6428D0ED6641", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t2:*:*:*:*:*:*:*", "matchCriteriaId": "063C0C47-25EB-4AA4-9332-8E43CD60FF39", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)t3:*:*:*:*:*:*:*", "matchCriteriaId": "A6004A94-FF96-4A34-B3CC-D4B4E555CFB4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4\\(100\\)t:*:*:*:*:*:*:*", "matchCriteriaId": "844CB97B-B6DE-44E5-B1DD-EA4976E58A84", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.4t:*:*:*:*:*:*:*", "matchCriteriaId": "512D35A9-14FB-4797-88F1-AAE6F1232057", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016."}, {"lang": "es", "value": "La caracter\u00edstica Authentication Proxy en Cisco IOS no maneja correctamente los c\u00f3digos de retorno AAA inv\u00e1lidos de los servidores RADIUS y TACACS+, lo que permite a atacantes remotos evadir la autenticaci\u00f3n en circunstancias oportunistas a trav\u00e9s de un intento de conexi\u00f3n que provoca un c\u00f3digo inv\u00e1lido, tal y como fue demostrado por un intento de conexi\u00f3n con una contrase\u00f1a en blanco, tambi\u00e9n conocido como Bug IDs CSCuo09400 y CSCun16016."}], "id": "CVE-2015-0607", "lastModified": "2015-03-06T16:17:32.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-06T03:00:13.470", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0607"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37711"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/72794"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1031817"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}