PT-2005-5540 · Cisco · Cisco Secure Access Control Server

Published: 1970-01-01 · Updated: 2024-07-02 · CVE-2005-4499

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Cisco PIX and VPN 3000 concentrators (affected versions not specified)

Description: The issue exists in the downloadable RADIUS ACLs feature, where a random internal name for an ACL is generated and also used as a hidden username and password. This allows remote attackers to gain privileges by obtaining the username from the cleartext portion of a RADIUS session and then using the password to log in to another device that uses Cisco Secure Access Control Server (CS ACS).

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-00146
BDU:2015-00147
CVE-2005-4499

Affected Products

Cisco PIX
Cisco Secure Access Control Server
VPN 3000