CVE-2005-4499

Description

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.

Affected products

Cisco / adaptive_security_appliance_software7.0(4) – 7.0(4)
Cisco / adaptive_security_appliance_software7.0 – 7.0
Cisco / adaptive_security_appliance_software7.0.4.3 – 7.0.4.3
Cisco / adaptive_security_appliance_software7.0.1.4 – 7.0.1.4
Cisco / pix_asa_ids
Cisco / pix_firewall6.2.3_(110) – 6.2.3_(110)
Cisco / pix_firewall
Cisco / pix_firewall6.2.2_.111 – 6.2.2_.111
Cisco / pix_firewall6.3.3_(133) – 6.3.3_(133)
Cisco / pix_firewall_501
Cisco / pix_firewall_506
Cisco / pix_firewall_515
Cisco / pix_firewall_515e
Cisco / pix_firewall_520
Cisco / pix_firewall_525
Cisco / pix_firewall_535
Cisco / pix_firewall_software5.3(2) – 5.3(2)
Cisco / pix_firewall_software4.2 – 4.2
Cisco / pix_firewall_software2.7 – 2.7
Cisco / pix_firewall_software3.0 – 3.0
Cisco / pix_firewall_software3.1 – 3.1
Cisco / pix_firewall_software4.0 – 4.0
Cisco / pix_firewall_software4.1(6) – 4.1(6)
Cisco / pix_firewall_software4.1(6b) – 4.1(6b)
Cisco / pix_firewall_software5.3(1.200) – 5.3(1.200)
Cisco / pix_firewall_software5.3(1) – 5.3(1)
Cisco / pix_firewall_software5.3 – 5.3
Cisco / pix_firewall_software5.2(9) – 5.2(9)
Cisco / pix_firewall_software5.2(7) – 5.2(7)
Cisco / pix_firewall_software5.2(6) – 5.2(6)
Cisco / pix_firewall_software5.2(5) – 5.2(5)
Cisco / pix_firewall_software5.2(3.210) – 5.2(3.210)
Cisco / pix_firewall_software5.2(2) – 5.2(2)
Cisco / pix_firewall_software5.2(1) – 5.2(1)
Cisco / pix_firewall_software5.2 – 5.2
Cisco / pix_firewall_software5.1(4.206) – 5.1(4.206)
Cisco / pix_firewall_software5.1(4) – 5.1(4)
Cisco / pix_firewall_software6.2 – 6.2
Cisco / pix_firewall_software5.0 – 5.0
Cisco / pix_firewall_software4.4(8) – 4.4(8)
Cisco / pix_firewall_software4.4(7.202) – 4.4(7.202)
Cisco / pix_firewall_software4.4(4) – 4.4(4)
Cisco / pix_firewall_software4.4 – 4.4
Cisco / pix_firewall_software4.3 – 4.3
Cisco / pix_firewall_software4.2(5) – 4.2(5)
Cisco / pix_firewall_software4.2(2) – 4.2(2)
Cisco / pix_firewall_software6.3(5) – 6.3(5)
Cisco / pix_firewall_software6.3(3.109) – 6.3(3.109)
Cisco / pix_firewall_software6.3(3.102) – 6.3(3.102)
Cisco / pix_firewall_software6.3(3) – 6.3(3)
Cisco / pix_firewall_software6.3(2) – 6.3(2)
Cisco / pix_firewall_software6.3(1) – 6.3(1)
Cisco / pix_firewall_software6.3 – 6.3
Cisco / pix_firewall_software6.2(3.100) – 6.2(3.100)
Cisco / pix_firewall_software6.2(3) – 6.2(3)
Cisco / pix_firewall_software6.2(2) – 6.2(2)
Cisco / pix_firewall_software6.2(1) – 6.2(1)
Cisco / pix_firewall_software5.1 – 5.1
Cisco / pix_firewall_software6.1.5(104) – 6.1.5(104)
Cisco / pix_firewall_software6.1(5) – 6.1(5)
Cisco / pix_firewall_software6.1(4) – 6.1(4)
Cisco / pix_firewall_software6.1(3) – 6.1(3)
Cisco / pix_firewall_software4.2(1) – 4.2(1)
Cisco / pix_firewall_software6.1(2) – 6.1(2)
Cisco / pix_firewall_software6.1(1) – 6.1(1)
Cisco / pix_firewall_software6.1 – 6.1
Cisco / pix_firewall_software6.0(4.101) – 6.0(4.101)
Cisco / pix_firewall_software6.0(4) – 6.0(4)
Cisco / pix_firewall_software6.0(3) – 6.0(3)
Cisco / pix_firewall_software6.0(2) – 6.0(2)
Cisco / pix_firewall_software6.0(1) – 6.0(1)
Cisco / pix_firewall_software6.0 – 6.0
Cisco / pix_firewall_software5.3(3) – 5.3(3)
Cisco / secure_access_control_server3.2 – 3.2
Cisco / secure_access_control_server
Cisco / secure_access_control_server2.0 – 2.0
Cisco / secure_access_control_server2.1 – 2.1
Cisco / secure_access_control_server2.3 – 2.3
Cisco / secure_access_control_server2.3 – 2.3
Cisco / secure_access_control_server2.3.5.1 – 2.3.5.1
Cisco / secure_access_control_server2.3.6.1 – 2.3.6.1
Cisco / secure_access_control_server2.4 – 2.4
Cisco / secure_access_control_server2.5 – 2.5
Cisco / secure_access_control_server2.6 – 2.6
Cisco / secure_access_control_server2.6.2 – 2.6.2
Cisco / secure_access_control_server2.6.3 – 2.6.3
Cisco / secure_access_control_server2.6.4 – 2.6.4
Cisco / secure_access_control_server2.42 – 2.42
Cisco / secure_access_control_server3.0 – 3.0
Cisco / secure_access_control_server3.0 – 3.0
Cisco / secure_access_control_server3.0.1 – 3.0.1
Cisco / secure_access_control_server3.0.3 – 3.0.3
Cisco / secure_access_control_server3.1 – 3.1
Cisco / secure_access_control_server3.1.1 – 3.1.1
Cisco / secure_access_control_server3.2 – 3.2
Cisco / secure_access_control_server3.2(1) – 3.2(1)
Cisco / secure_access_control_server3.2(1.20) – 3.2(1.20)
Cisco / secure_access_control_server3.2(2) – 3.2(2)
Cisco / secure_access_control_server3.2(3) – 3.2(3)
Cisco / secure_access_control_server3.2.1 – 3.2.1
Cisco / secure_access_control_server3.2.2 – 3.2.2
Cisco / secure_access_control_server3.3 – 3.3
Cisco / secure_access_control_server3.3(1) – 3.3(1)
Cisco / secure_access_control_server3.3.1 – 3.3.1
Cisco / secure_access_control_server3.3.2 – 3.3.2
Cisco / vpn_3000_concentrator_series_software3.0.3.a – 3.0.3.a
Cisco / vpn_3000_concentrator_series_software3.1 – 3.1
Cisco / vpn_3000_concentrator_series_software3.0.4 – 3.0.4
Cisco / vpn_3000_concentrator_series_software3.0.3.b – 3.0.3.b
Cisco / vpn_3000_concentrator_series_software3.0 – 3.0
Cisco / vpn_3000_concentrator_series_software2.5.2.f – 2.5.2.f
Cisco / vpn_3000_concentrator_series_software2.5.2.d – 2.5.2.d
Cisco / vpn_3000_concentrator_series_software2.5.2.c – 2.5.2.c
Cisco / vpn_3000_concentrator_series_software2.5.2.b – 2.5.2.b
Cisco / vpn_3000_concentrator_series_software2.5.2.a – 2.5.2.a
Cisco / vpn_3000_concentrator_series_software2.0 – 2.0
Cisco / vpn_3000_concentrator_series_software4.7.1.f – 4.7.1.f
Cisco / vpn_3000_concentrator_series_software4.7.1 – 4.7.1
Cisco / vpn_3000_concentrator_series_software4.1.7.b – 4.1.7.b
Cisco / vpn_3000_concentrator_series_software4.1.7.a – 4.1.7.a
Cisco / vpn_3000_concentrator_series_software4.1.5.b – 4.1.5.b
Cisco / vpn_3000_concentrator_series_software4.0.5.b – 4.0.5.b
Cisco / vpn_3000_concentrator_series_software4.0.2 – 4.0.2
Cisco / vpn_3000_concentrator_series_software4.0.1 – 4.0.1
Cisco / vpn_3000_concentrator_series_software4.0 – 4.0
Cisco / vpn_3000_concentrator_series_software3.6.7d – 3.6.7d
Cisco / vpn_3000_concentrator_series_software3.6.7.f – 3.6.7.f
Cisco / vpn_3000_concentrator_series_software3.6.7.d – 3.6.7.d
Cisco / vpn_3000_concentrator_series_software3.6.7.c – 3.6.7.c
Cisco / vpn_3000_concentrator_series_software3.6.7.b – 3.6.7.b
Cisco / vpn_3000_concentrator_series_software3.6.7.a – 3.6.7.a
Cisco / vpn_3000_concentrator_series_software3.6.7 – 3.6.7
Cisco / vpn_3000_concentrator_series_software3.6.5 – 3.6.5
Cisco / vpn_3000_concentrator_series_software3.6.3 – 3.6.3
Cisco / vpn_3000_concentrator_series_software3.6.1 – 3.6.1
Cisco / vpn_3000_concentrator_series_software3.6 – 3.6
Cisco / vpn_3000_concentrator_series_software3.5.5 – 3.5.5
Cisco / vpn_3000_concentrator_series_software3.5.4 – 3.5.4
Cisco / vpn_3000_concentrator_series_software3.5.3 – 3.5.3
Cisco / vpn_3000_concentrator_series_software3.5.2 – 3.5.2
Cisco / vpn_3000_concentrator_series_software3.5.1 – 3.5.1
Cisco / vpn_3000_concentrator_series_software3.5(rel) – 3.5(rel)
Cisco / vpn_3000_concentrator_series_software3.1.4 – 3.1.4
Cisco / vpn_3000_concentrator_series_software3.1.2 – 3.1.2
Cisco / vpn_3000_concentrator_series_software3.1.1 – 3.1.1
Cisco / vpn_3000_concentrator_series_software3.1(rel) – 3.1(rel)
Cisco / vpn_3001_concentrator
Cisco / vpn_3002_hardware_client
Cisco / vpn_3005_concentrator_software4.0.1 – 4.0.1
Cisco / vpn_3015_concentrator
Cisco / vpn_3020_concentrator
Cisco / vpn_3030_concentator
Cisco / vpn_3030_concentator4.7.1 – 4.7.1
Cisco / vpn_3030_concentator4.7.1.f – 4.7.1.f
Cisco / vpn_3060_concentrator
Cisco / vpn_3080_concentrator

CVE-2005-4499

Description

Affected products

References