RADIUS Authentication Bypass - Cisco Systems

This script is (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Remote Authentication Dial In User Service (RADIUS) authentication can
be bypassed on a device that is running certain versions of Cisco
Internetworking Operating System (IOS) and is configured with a
fallback method to none.
Systems that are configured for other authentication methods or that
are not configured with a fallback method to none are not affected.
Only the systems that are running certain versions of Cisco IOS are
affected. Not all configurations using RADIUS and none are vulnerable
to this issue. Some configurations using RADIUS, none and an additional
method are not affected.
Cisco has made free software available to address this vulnerability.
There are workarounds available to mitigate the effects of the
vulnerability.
The vulnerabilities are documented as the following Cisco Bug IDs:

See also :

http://www.nessus.org/u?b981b4d9
http://www.nessus.org/u?f5408145

Solution :

Apply the described patch (see plugin output).

Risk factor :

High

Family: CISCO

Nessus Plugin ID: 55424

Bugtraq ID:

CVE ID: