CVE-2015-0607

Name of the Vulnerable Software and Affected Versions Cisco IOS (affected versions not specified)

Description The issue arises from the Authentication Proxy feature in Cisco IOS not properly handling invalid AAA return codes from RADIUS and TACACS+ servers. This allows remote attackers to bypass authentication under certain circumstances, such as attempting a connection with a blank password. The vulnerability is due to the incorrect processing of unsupported AAA return codes by the Authentication Proxy. A successful exploit could allow an attacker to authenticate to a targeted device using a blank password, potentially leading to further attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.