This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote host is missing a vendor-supplied security patch.
The version of Cisco Secure Access Control (ACS) running on the remote
host has an authentication bypass vulnerability. When the system is
configured with an LDAP external identity store and TACACS+ is the
authentication protocol, the user-supplied password is not properly
validated. A remote attacker could exploit this to authenticate as a
known user to any system using TACACS+ in conjunction with an affected
Cisco Secure ACS.
See also :
Upgrade to the relevant Cisco Secure Access Control System version
referenced in Cisco Security Advisory cisco-sa-20121107-acs.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Nessus Plugin ID: 69135 ()
Bugtraq ID: 56433
CVE ID: CVE-2012-5424
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.