CVE-2006-0764 Information

Description

The Authentication Authorization and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products when running with an incomplete TACACS+ configuration without a \tacacs-server host\ command allows remote attackers to bypass authentication and gain privileges aka Bug ID CSCsd21455.

Reference

http://secunia.com/advisories/18904 http://securityreason.com/securityalert/435 http://securitytracker.com/id?1015637 http://securitytracker.com/id?1015638 http://www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml http://www.osvdb.org/23237 http://www.securityfocus.com/bid/16661 http://www.vupen.com/english/advisories/2006/0612 https://exchange.xforce.ibmcloud.com/vulnerabilities/24689