CVE-2006-5660

Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a00807726f7.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/20852	Patch
http://securitytracker.com/id?1017148
http://secunia.com/advisories/22684
http://www.kb.cert.org/vuls/id/778648	US Government Resource
http://www.osvdb.org/30169
http://www.vupen.com/english/advisories/2006/4308
https://exchange.xforce.ibmcloud.com/vulnerabilities/29955

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:security_agent_management_center:5.1:*:*:*:*:*:*:*

Information

Published : 2006-11-02 16:07

Updated : 2017-07-19 18:33

NVD link : CVE-2006-5660

Mitre link : CVE-2006-5660

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

cisco

security_agent_management_center

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807726f7.shtml", "name": "20061101 Cisco Security Agent Management Center LDAP Administrator Authentication Bypass", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/20852", "name": "20852", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1017148", "name": "1017148", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/22684", "name": "22684", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.kb.cert.org/vuls/id/778648", "name": "VU#778648", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.osvdb.org/30169", "name": "30169", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/4308", "name": "ADV-2006-4308", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29955", "name": "cisco-csamc-auth-bypass(29955)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5660", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-11-03T00:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:security_agent_management_center:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:33Z"}