PT-2006-1813 · Cisco · Cisco Anomaly Detection/Mitigation

Gerrit Wenig · Published 2006-02-18 · Updated 2017-07-20 · CVE-2006-0764

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cisco Anomaly Detection and Mitigation software versions 5.0(1) and 5.0(3)

Description

The issue concerns the Authentication, Authorization, and Accounting (AAA) capability. When running with an incomplete TACACS+ configuration without a "tacacs-server host" command, it allows remote attackers to bypass authentication and gain privileges.

Recommendations

For version 5.0(1), ensure a complete TACACS+ configuration, including the "tacacs-server host" command, to prevent authentication bypass. For version 5.0(3), ensure a complete TACACS+ configuration, including the "tacacs-server host" command, to prevent authentication bypass.

Fix


Related Identifiers

CVE-2006-0764

Affected Products

Cisco Anomaly Detection/Mitigation