Details of VAR-201211-0082

ID

VAR-201211-0082

CVE

CVE-2012-5424

TITLE

Cisco Secure Access Control System Vulnerabilities that bypass authentication

Trust: 0.8

sources: JVNDB: JVNDB-2012-005294

DESCRIPTION

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. This issue is being tracked by Cisco Bug ID CSCuc65634. The server provides a comprehensive identity-based access control solution for the Cisco Intelligent Information Network. When using certain configurations including TACACS+ and LDAP, passwords were not properly validated. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco Secure Access Control System Security Bypass Vulnerability SECUNIA ADVISORY ID: SA51194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51194 RELEASE DATE: 2012-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/51194/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51194/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51194 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Secure ACS, which can be exploited by malicious people to bypass security restrictions. The vulnerability is caused due to an error when validating a password when used via the TACACS+ authentication protocol and can be exploited to gain access without authentication. Successful exploitation requires that LDAP is configured as an external identity store and knowledge of a valid username. The vulnerability is reported in versions 5.0 through 5.3. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2012-5424 // JVNDB: JVNDB-2012-005294 // BID: 56433 // VULHUB: VHN-58705 // PACKETSTORM: 117989

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server	scope:	eq	version:	5.3	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	5.0	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	5.2	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	5.1	Trust: 1.6
vendor:	cisco	model:	secure access control system software	scope:	eq	version:	5.3 patch 7	Trust: 0.8
vendor:	cisco	model:	secure access control system software	scope:	lt	version:	5.x	Trust: 0.8
vendor:	cisco	model:	secure access control system software	scope:	eq	version:	5.2 patch 11	Trust: 0.8
vendor:	cisco	model:	secure access control system software	scope:	lt	version:	5.3	Trust: 0.8

sources: JVNDB: JVNDB-2012-005294 // CNNVD: CNNVD-201211-152 // NVD: CVE-2012-5424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5424
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-5424
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201211-152
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-58705
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5424
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-58705
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-58705 // JVNDB: JVNDB-2012-005294 // CNNVD: CNNVD-201211-152 // NVD: CVE-2012-5424

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-58705 // JVNDB: JVNDB-2012-005294 // NVD: CVE-2012-5424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-152

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201211-152

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005294

PATCH

title:

cisco-sa-20121107-acs

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs

Trust: 0.8

sources: JVNDB: JVNDB-2012-005294

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5424	Trust: 2.8
db:	BID	id:	56433	Trust: 1.4
db:	SECUNIA	id:	51194	Trust: 1.2
db:	SECTRACK	id:	1027733	Trust: 1.1
db:	OSVDB	id:	87251	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-005294	Trust: 0.8
db:	CNNVD	id:	CNNVD-201211-152	Trust: 0.7
db:	CISCO	id:	20121107 CISCO SECURE ACCESS CONTROL SYSTEM TACACS+ AUTHENTICATION BYPASS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-58705	Trust: 0.1
db:	PACKETSTORM	id:	117989	Trust: 0.1

sources: VULHUB: VHN-58705 // BID: 56433 // JVNDB: JVNDB-2012-005294 // PACKETSTORM: 117989 // CNNVD: CNNVD-201211-152 // NVD: CVE-2012-5424

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20121107-acs	Trust: 1.8
url:	http://www.securityfocus.com/bid/56433	Trust: 1.1
url:	http://osvdb.org/87251	Trust: 1.1
url:	http://www.securitytracker.com/id?1027733	Trust: 1.1
url:	http://secunia.com/advisories/51194	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/79860	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5424	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5424	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=51194	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/51194/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/51194/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-58705 // BID: 56433 // JVNDB: JVNDB-2012-005294 // PACKETSTORM: 117989 // CNNVD: CNNVD-201211-152 // NVD: CVE-2012-5424

CREDITS

Cisco

Trust: 0.3

sources: BID: 56433

SOURCES

db:	VULHUB	id:	VHN-58705
db:	BID	id:	56433
db:	JVNDB	id:	JVNDB-2012-005294
db:	PACKETSTORM	id:	117989
db:	CNNVD	id:	CNNVD-201211-152
db:	NVD	id:	CVE-2012-5424

LAST UPDATE DATE

2024-11-23T21:45:57.935000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-58705	date:	2017-08-29T00:00:00
db:	BID	id:	56433	date:	2012-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2012-005294	date:	2012-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201211-152	date:	2012-11-08T00:00:00
db:	NVD	id:	CVE-2012-5424	date:	2024-11-21T01:44:40.700

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-58705	date:	2012-11-07T00:00:00
db:	BID	id:	56433	date:	2012-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2012-005294	date:	2012-11-09T00:00:00
db:	PACKETSTORM	id:	117989	date:	2012-11-09T07:09:25
db:	CNNVD	id:	CNNVD-201211-152	date:	2012-11-08T00:00:00
db:	NVD	id:	CVE-2012-5424	date:	2012-11-07T23:55:01.320