Cisco fixes TACACS+ authentication vulnerabilities

Edmund X. DeJesus

Cisco Systems today announced the availability of free software to fix vulnerabilities in several security software products that run on the company's appliances, routers and switches. The vulnerabilities could allow a malicious user to bypass security and gain unauthorized access to the devices or escalate their privileges in order to sniff traffic, launch denial-of-service attacks or perform network reconnaissance.

The vulnerabilities affect versions 5.0(1) and 5.0(3) of the software for the Cisco Guard and Cisco Traffic Anomaly Detector appliances, as well as the Anomaly Guard Module and Traffic Anomaly Detector Module for the Cisco Catalyst 6500 switches and Cisco 7600 routers. The vulnerability exists only where a device is configured to use TACACS+ authentication but the configuration is incomplete, with no TACACS+ server specified.

The Cisco Guard and Cisco Traffic Anomaly Detector appliances, and the Anomaly Guard Module and Traffic Anomaly Detector Module for the Cisco Catalyst 6500 switches and Cisco 7600 routers, detect potential distributed denial-of-service attacks and divert the attack traffic without affecting legitimate network traffic. TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol used to authenticate users attempting to gain access to network devices. TACACS+ authentication is disabled by default on these devices. A correct TACACS+ configuration uses the "tacacs-server host" command to specify the external TACACS+ server. If TACACS+ authentication is specified but this command is missing, the device has no server to check credentials against, and a user can bypass authentication.

If TACACS+ authentication is not specified, or it is specified and the necessary "tacacs-server host" command is present, the system is not vulnerable. Versions of the Cisco Guard and Cisco Traffic Anomaly Detector software before 5.0, and versions 5.1 and later, are also not vulnerable.

Users can mitigate this vulnerability on affected releases by adding the necessary "tacacs-server host" command to the configuration. The vulnerability is fixed in the 5.1 series of the Cisco Guard and Cisco Traffic Anomaly Detector software, which begins with version 5.1(4); adding the server command is a workaround, and upgrading is the fix. Users of the vulnerable software can obtain the fixed releases from Cisco.
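As an added example (not part of the original article and not Cisco's code), the following Python script applies the conditions from the preceding paragraphs to a saved configuration: it flags a device as vulnerable only when the software release is one the article names as affected, TACACS+ is selected for login authentication, and no "tacacs-server host" line is present, and it emits the mitigating command. The form of the line that enables TACACS+ ("aaa authentication login ... tacacs+") is an assumption, since the article quotes only "tacacs-server host"; the sample configurations are constructed, not captured from a device.

```python
"""Audit a Cisco Guard / Traffic Anomaly Detector configuration for the
TACACS+ bypass condition described above: TACACS+ authentication selected
but no 'tacacs-server host' line present, on an affected software release.

Added example, not Cisco's code. Only 'tacacs-server host' is quoted in the
article; the 'aaa authentication login ... tacacs+' form used to detect that
TACACS+ is enabled is an assumption, and the sample configs are constructed.
"""
import re

# Releases the article names as affected. Every other release is treated as
# not vulnerable (pre-5.0 and 5.1(4) and later are explicitly not affected).
AFFECTED_VERSIONS = frozenset({"5.0(1)", "5.0(3)"})

# Assumed syntax for selecting TACACS+ as a login authentication method.
TACACS_ENABLED_RE = re.compile(r"^aaa\s+authentication\s+login\b.*\btacacs\+", re.I)
# The command the article names as required for a correct TACACS+ setup.
TACACS_HOST_RE = re.compile(r"^tacacs-server\s+host\s+(\S+)", re.I)


def config_lines(text):
    """Yield non-empty configuration lines, skipping '!' comment lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("!"):
            yield line


def tacacs_state(text):
    """Return (tacacs_enabled, [configured TACACS+ server hosts])."""
    enabled = False
    hosts = []
    for line in config_lines(text):
        if TACACS_ENABLED_RE.match(line):
            enabled = True
        match = TACACS_HOST_RE.match(line)
        if match:
            hosts.append(match.group(1))
    return enabled, hosts


def version_affected(version):
    """True only for the releases the article lists as vulnerable."""
    return version.strip() in AFFECTED_VERSIONS


def audit(text, version):
    """Return (vulnerable, reason) for a config on the given software release."""
    if not version_affected(version):
        return False, f"release {version} is not an affected release"
    enabled, hosts = tacacs_state(text)
    if not enabled:
        return False, "TACACS+ authentication is not selected"
    if hosts:
        return False, f"tacacs-server host present ({', '.join(hosts)})"
    return True, "TACACS+ selected but no tacacs-server host configured"


def remediation(text, version, server):
    """Return the config line(s) to add, or [] if nothing is needed.
    Naming the server closes the bypass until the device is upgraded."""
    vulnerable, _ = audit(text, version)
    return [f"tacacs-server host {server}"] if vulnerable else []


# Constructed sample configurations (not captured from a real device).
VULNERABLE_CONFIG = """\
! TACACS+ selected, but no server specified: authentication can be bypassed
hostname guard-1
aaa authentication login default tacacs+
tacacs-server key s3cr3t
"""

FIXED_CONFIG = """\
! Same device with the required tacacs-server host command present
hostname guard-1
aaa authentication login default tacacs+
tacacs-server key s3cr3t
tacacs-server host 192.0.2.10
"""

LOCAL_ONLY_CONFIG = """\
hostname guard-2
aaa authentication login default local
"""

if __name__ == "__main__":
    cases = [("vulnerable", VULNERABLE_CONFIG, "5.0(3)"),
             ("fixed", FIXED_CONFIG, "5.0(3)"),
             ("local-only", LOCAL_ONLY_CONFIG, "5.0(1)"),
             ("upgraded", VULNERABLE_CONFIG, "5.1(4)")]
    for name, cfg, ver in cases:
        vuln, why = audit(cfg, ver)
        print(f"{name:10s} {ver}: {'VULNERABLE' if vuln else 'ok'} - {why}")
        for line in remediation(cfg, ver, "192.0.2.10"):
            print(f"           add: {line}")
```

The version check is deliberately an allow-list of the two releases the article names rather than a range comparison, so a release the article does not mention (for example 5.0(2)) is reported as not affected instead of being guessed at; widen the list only from the vendor advisory.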

Edmund X. DeJesus (dejesus@compuserve.com) is a freelance writer in Norwood, Mass.

