CVE-2006-0764
Last modified
CVE-2006-0764 is a vulnerability of currently unknown severity. The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.. EPSS estimates a 1.98% chance of exploitation in the next 30 days.
Description
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Anomaly Guard Module | 5.0\(1\) |
| Cisco | Anomaly Guard Module | 5.0\(3\) |
| Cisco | Guard | 5.0\(1\) |
| Cisco | Guard | 5.0\(3\) |
| Cisco | Traffic Anomaly Detector Module | 5.0\(1\) |
| Cisco | Traffic Anomaly Detector Module | 5.0\(3\) |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-0764?
How severe is CVE-2006-0764?
How do I fix CVE-2006-0764?
Are you affected by CVE-2006-0764?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST