CVE-2005-2105Improper Authentication in Cisco IOS

CWE-287Improper Authentication4 documents2 sources
Severity
7.5HIGHNVD
NVD4.3
EPSS
0.8%
top 26.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedJul 5
Latest updateMay 1

Description

Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDcisco/ios95 versions+94

Patches

Patch: www.cisco.comPatch: www.securitytracker.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-x65w-rc3c-c7r6: Cisco IOS 122022-05-01
GHSA
GHSA-wmmp-2f22-959m: Cisco IOS 122022-05-01