CVE-2012-5424

CWE-20 โ€” Improper Input ValidationCWE-287 โ€” Improper Authentication5 documents4 sources
Severity
5.0MEDIUM
EPSS
0.4%
top 36.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Access Control Server
Timeline
PublishedNov 7
Latest updateMay 17

Description

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

โ–ถNVDcisco/secure_access_control_server4 versions+3

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-m5mg-489p-j2jg: Cisco Secure Access Control System (ACS) 5โ†—2022-05-17
โ–ถ
CVEList
CVE-2012-5424: Cisco Secure Access Control System (ACS) 5โ†—2012-11-07
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Cisco
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerabilityโ†—2012-11-07
โ–ถ
Cisco
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerabilityโ†—2012-11-07
โ–ถ