Total vulnerabilities in the database
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.
Software | From | Fixed in |
---|---|---|
cisco / ios | 15.4(2)t1 | 15.4(2)t1.x |
cisco / ios | 15.4(1)t2 | 15.4(1)t2.x |
cisco / ios | 15.4(2)t2 | 15.4(2)t2.x |
cisco / ios | 15.4(2)t3 | 15.4(2)t3.x |
cisco / ios | 15.4(1)t3 | 15.4(1)t3.x |
cisco / ios | 15.4(1)t | 15.4(1)t.x |
cisco / ios | 15.4(2)t | 15.4(2)t.x |
cisco / ios | 15.4(1)t1 | 15.4(1)t1.x |
cisco / ios | 15.4t | 15.4t.x |
cisco / ios | 15.4(1)t4 | 15.4(1)t4.x |
cisco / ios | 15.4(100)t | 15.4(100)t.x |