Vulnerability Description
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn 3001 Concentrator | All versions |
| Cisco | Vpn 3015 Concentrator | All versions |
| Cisco | Vpn 3020 Concentrator | All versions |
| Cisco | Vpn 3030 Concentator | All versions |
| Cisco | Vpn 3060 Concentrator | All versions |
| Cisco | Vpn 3080 Concentrator | All versions |
| Cisco | Adaptive Security Appliance Software | 7.0 |
| Cisco | Vpn 3000 Concentrator Series Software | 2.0 |
| Cisco | Vpn 3005 Concentrator Software | 4.0.1 |
| Cisco | Pix Asa Ids | All versions |
| Cisco | Pix Firewall | 6.2.2_.111 |
| Cisco | Secure Access Control Server | All versions |
| Cisco | Vpn 3002 Hardware Client | All versions |
| Cisco | Pix Firewall 501 | All versions |
| Cisco | Pix Firewall 506 | All versions |
| Cisco | Pix Firewall 515 | All versions |
| Cisco | Pix Firewall 515E | All versions |
| Cisco | Pix Firewall 520 | All versions |
| Cisco | Pix Firewall 525 | All versions |
| Cisco | Pix Firewall 535 | All versions |
References
- http://secunia.com/advisories/18141
- http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186
- http://www.osvdb.org/22193
- http://www.securityfocus.com/archive/1/420020/100/0/threaded
- http://www.securityfocus.com/archive/1/420103/100/0/threaded
- http://www.securityfocus.com/bid/16025
- http://secunia.com/advisories/18141
- http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186
- http://www.osvdb.org/22193
- http://www.securityfocus.com/archive/1/420020/100/0/threaded
- http://www.securityfocus.com/archive/1/420103/100/0/threaded
- http://www.securityfocus.com/bid/16025
FAQ
What is CVE-2005-4499?
CVE-2005-4499 is a vulnerability with a CVSS score of 7.5 (HIGH). The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that ...
How severe is CVE-2005-4499?
CVE-2005-4499 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4499?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn 3001 Concentrator, Cisco Vpn 3015 Concentrator, Cisco Vpn 3020 Concentrator, Cisco Vpn 3030 Concentator, Cisco Vpn 3060 Concentrator.