CVE-2006-0764

critical

Description

The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24689

http://www.vupen.com/english/advisories/2006/0612

http://www.securityfocus.com/bid/16661

http://www.osvdb.org/23237

http://www.cisco.com/en/US/products/products_security_advisory09186a008060519a.shtml

http://securitytracker.com/id?1015638

http://securitytracker.com/id?1015637

http://securityreason.com/securityalert/435

http://secunia.com/advisories/18904

Details

Source: MITRE, NVD

Published: 2006-02-18

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00811