7.5

CVE-2005-4499

EPSS 1.91%
Published 22.12.2005 11:03:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Vpn 3001 Concentrator

Cisco ≫ Vpn 3015 Concentrator

Cisco ≫ Vpn 3020 Concentrator

Cisco ≫ Vpn 3030 Concentator

Cisco ≫ Vpn 3060 Concentrator

Cisco ≫ Vpn 3080 Concentrator

Cisco ≫ Adaptive Security Appliance Software Version7.0

Cisco ≫ Adaptive Security Appliance Software Version7.0.1.4

Cisco ≫ Adaptive Security Appliance Software Version7.0.4.3

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.c

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.d

Cisco ≫ Vpn 3000 Concentrator Series Software Version2.5.2.f

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.3.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.3.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.0.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.2

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.1.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.2

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.3

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.4

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.5.5

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.3

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.5

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.c

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.d

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7.f

Cisco ≫ Vpn 3000 Concentrator Series Software Version3.6.7d

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0.2

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.0.5.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.5.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.7.a

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.1.7.b

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.7.1

Cisco ≫ Vpn 3000 Concentrator Series Software Version4.7.1.f

Cisco ≫ Vpn 3005 Concentrator Software Version4.0.1

Cisco ≫ Vpn 3030 Concentator Version4.7.1

Cisco ≫ Vpn 3030 Concentator Version4.7.1.f

Cisco ≫ Pix Asa Ids

Cisco ≫ Pix Firewall Version6.2.2_.111

Cisco ≫ Secure Access Control Server

Cisco ≫ Secure Access Control Server Version2.0 Editionunix

Cisco ≫ Secure Access Control Server Version2.1 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version2.3 Editionunix

Cisco ≫ Secure Access Control Server Version2.3 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version2.3.5.1 Editionunix

Cisco ≫ Secure Access Control Server Version2.3.6.1 Editionunix

Cisco ≫ Secure Access Control Server Version2.4 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version2.5 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version2.6 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version2.6.2 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version2.6.3 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version2.6.4 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version2.42 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version3.0

Cisco ≫ Secure Access Control Server Version3.0 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version3.0.1 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version3.0.3 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version3.1

Cisco ≫ Secure Access Control Server Version3.1.1 Editionwindows_nt

Cisco ≫ Secure Access Control Server Version3.2

Cisco ≫ Secure Access Control Server Version3.2 Editionwindows_server

Cisco ≫ Secure Access Control Server Version3.2.1

Cisco ≫ Secure Access Control Server Version3.2.2

Cisco ≫ Secure Access Control Server Version3.3

Cisco ≫ Secure Access Control Server Version3.3.1

Cisco ≫ Secure Access Control Server Version3.3.2

Cisco ≫ Vpn 3002 Hardware Client

Cisco ≫ Pix Firewall 501

Cisco ≫ Pix Firewall 506

Cisco ≫ Pix Firewall 515

Cisco ≫ Pix Firewall 515e

Cisco ≫ Pix Firewall 520

Cisco ≫ Pix Firewall 525

Cisco ≫ Pix Firewall 535

Cisco ≫ Pix Firewall

Cisco ≫ Pix Firewall Software Version2.7

Cisco ≫ Pix Firewall Software Version3.0

Cisco ≫ Pix Firewall Software Version3.1

Cisco ≫ Pix Firewall Software Version4.0

Cisco ≫ Pix Firewall Software Version4.2

Cisco ≫ Pix Firewall Software Version4.3

Cisco ≫ Pix Firewall Software Version4.4

Cisco ≫ Pix Firewall Software Version5.0

Cisco ≫ Pix Firewall Software Version5.1

Cisco ≫ Pix Firewall Software Version5.2

Cisco ≫ Pix Firewall Software Version5.3

Cisco ≫ Pix Firewall Software Version6.0

Cisco ≫ Pix Firewall Software Version6.1

Cisco ≫ Pix Firewall Software Version6.2

Cisco ≫ Pix Firewall Software Version6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.91%	0.825

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/18141

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml

http://www.osvdb.org/22193

http://www.securityfocus.com/archive/1/420020/100/0/threaded

http://www.securityfocus.com/archive/1/420103/100/0/threaded

http://www.securityfocus.com/bid/16025

https://nvd.nist.gov/vuln/detail/CVE-2005-4499

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4499

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4499

EUVD