Cisco Traffic Anomaly Detector Module 5.0(1) Remote Code Execution

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.9 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Cisco Traffic Anomaly Detector Module 5.0(1). Impacted is an unknown function. The manipulation leads to Remote Code Execution. This vulnerability is documented as CVE-2006-0764. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability was found in Cisco Traffic Anomaly Detector Module 5.0(1). It has been rated as problematic. This issue affects an unknown code. The manipulation with an unknown input leads to a remote code execution vulnerability. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
The weakness was released 02/15/2006 by Gerrit Wenig (Website). The advisory is shared at cisco.com. The identification of this vulnerability is CVE-2006-0764 since 02/18/2006. The exploitation is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are unknown but an exploit is available.
After even before and not, there has been an exploit disclosed. It is declared as proof-of-concept.
Applying a patch is able to eliminate this problem.
The vulnerability is also documented in the databases at X-Force (24689), SecurityFocus (BID 16661†), OSVDB (23237†), Secunia (SA18904†) and SecurityTracker (ID 1015637†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 4.9
VulDB Base Score: 5.6
VulDB Temp Score: 4.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Remote Code ExecutionCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
02/15/2006 🔍02/15/2006 🔍
02/15/2006 🔍
02/15/2006 🔍
02/16/2006 🔍
02/16/2006 🔍
02/17/2006 🔍
02/18/2006 🔍
03/12/2015 🔍
08/05/2017 🔍
Sources
Vendor: cisco.comAdvisory: cisco.com
Researcher: Gerrit Wenig
Status: Confirmed
CVE: CVE-2006-0764 (🔍)
GCVE (CVE): GCVE-0-2006-0764
GCVE (VulDB): GCVE-100-28781
X-Force: 24689 - Multiple Cisco Anomaly Detection and Mitigation products TACACS+ authentication bypass
SecurityFocus: 16661 - Cisco Multiple Products TACACS+ Authentication Bypass Vulnerability
Secunia: 18904 - Cisco Products TACACS+ Authentication Bypass, Less Critical
OSVDB: 23237 - Cisco Multiple Products Misconfigured TACACS+ Server Authentication Bypass
SecurityTracker: 1015637 - Cisco Guard May Let Remote Users Bypass TACACS+ Authentication
Vupen: ADV-2006-0612
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/12/2015 11:11Updated: 08/05/2017 09:23
Changes: 03/12/2015 11:11 (59), 08/05/2017 09:23 (8)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.