Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco PIX/CS ACS可下载RADIUS策略信息泄露漏洞
Vulnerability Description
Cisco PIX是非常流行的网络防火墙,而CS ACS则是提供验证、授权和帐户服务的网络设备。 Cisco PIX在进行网络管理通讯时存在漏洞,攻击者可能利用此漏洞非授权获得对设备的访问。 管理员在Cisco安全接入控制服务器(CS ACS Radius服务器)上创建ACL时,会分配内部名称#ACSACL#-IP-uacl-<随机>,例如#ACSACL#-IP-uacl-43a97a9d。同时CS ACS还会创建名为#ACSACL#-IP-uacl-43a97a9d的内部隐藏用户,口令为#ACSACL#
CVSS Information
N/A
Vulnerability Type
N/A