| VID |
29065 |
| Severity |
40 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco IOS has a filtering bypass vulnerability due to a tacacs-ds or tacacs Access List keyword (CISCO Bug ID CSCdi36962).
Under some circumstances, this vulnerability can be exploited to circumvent a filtering router. If devices using Cisco IOS v10.3 uses IP extended access lists, and the 'tacacs-ds' or 'tacacs' keyword is used in these lists, it can cause an extended IP access control list to be misparsed, possibly allowing unauthorized packets to circumvent a filtering router.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/1.html
* Platforms Affected:
CISCO IOS software 10.3(3.4) through 10.3(4.2) |
| Recommendation |
Upgrade to the fixed version of Cisco IOS, 10.3(4.3) or later.
Upgrades should be obtained through the Software Center on Cisco's worldwide website at
http://www.cisco.com/public/sw-center/ .
As a workaround, delete the access list and re-enter it based upon your intended configuration. Do not enter the 'tacacs-ds' keyword. Use the keyword 'tacacs' instead. |
| Related URL |
CVE-1999-0161 (CVE) |
| Related URL |
0703 (SecurityFocus) |
| Related URL |
1247 (ISS) |
|
