This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote host is missing a vendor-supplied security patch.
The version of Cisco Secure Access Control (ACS) running on the remote
host has an authentication bypass vulnerability. When the system is
configured with an LDAP external identity store and TACACS+ is the
authentication protocol, the user-supplied password is not properly
validated. A remote attacker could exploit this to authenticate as a
known user to any system using TACACS+ in conjunction with an affected
Cisco Secure ACS.
See also :
Upgrade to the relevant Cisco Secure Access Control System version
referenced in Cisco Security Advisory cisco-sa-20121107-acs.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true