Vulnerability Details: CVE-2012-5424
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.
Vulnerability category: Input validation
Products affected by CVE-2012-5424
- cpe:2.3:a:cisco:secure_access_control_server:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:5.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5424
- 0.50%: Probability of exploitation activity in the next 30 days
- ~76%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5424
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-5424
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5424
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs
  Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/56433
  Cisco Secure Access Control System (ACS) CVE-2012-5424 Authentication Bypass Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79860
  Cisco Secure Access Control System security bypass CVE-2012-5424 Vulnerability Report
- http://www.securitytracker.com/id?1027733
  Cisco Secure Access Control System Password Validation Flaw Lets Remote Users Bypass TACACS+ Authentication - SecurityTracker