{"vuid":"VU#778648","idnumber":"778648","name":"Cisco Security Agent Management Center vulnerable to authentication bypass","keywords":["Cisco","Security Agent Management Center","CSAMC","authentication bypass","Lightweight Directory Access Protocol","LDAP"],"overview":"Cisco Security Agent Management Center (CSAMC) may be vulnerable to authentication bypass when configured to use an external Lightweight Directory Access Protocol (LDAP) server for authentication.","clean_desc":"Cisco Security Agent Management Center (CSAMC) is a component of the CiscoWorks VPN. This core management software allows definition and distribution of policies, provides software updates, and maintains communications for Cisco Security Agents. Remote authentication to CSAMC can be configured using an external Lightweight Directory Access Protocol (LDAP) server. According to Cisco Security Advisory cisco-sa-20061101-csamc: If CSAMC is configured to use LDAP for authentication, it is possible to supply a valid administrator username and blank (zero length) password and gain administrative access to the CSAMC application with the role privileges of the administrator. Cisco states that this issue affects CSAMC 5.1 before 5.1.0.79.","impact":"A remote attacker with knowledge of a valid administrator username may be able to access the CSAMC with the role privileges of the administrator.","resolution":"Update\nCisco has released an update to address this issue. See Cisco Security Advisory cisco-sa-20061101-csamc for more details.","workarounds":"Disable LDAP According to Cisco Security Advisory cisco-sa-20061101-csamc: It is possible to workaround this vulnerability by disabling external LDAP authentication and configuring administrators to authenticate against the local CSAMC database.","sysaffected":"","thanks":"This vulnerability was reported in \nCisco Security Advisory cisco-sa-20061101-csamc","author":"This document was written by Chris Taschner.","public":["http://www.cisco.com/warp/public/707/cisco-sa-20061101-csamc.shtml","http://secunia.com/advisories/22684/"],"cveids":["CVE-2006-5660"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-11-01T21:00:40Z","publicdate":"2006-11-01T00:00:00Z","datefirstpublished":"2006-12-11T17:54:23Z","dateupdated":"2007-01-05T20:14:39Z","revision":21,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"12","cam_population":"7","cam_impact":"20","cam_easeofexploitation":"13","cam_attackeraccessrequired":"20","cam_scorecurrent":"18.4275","cam_scorecurrentwidelyknown":"21.84","cam_scorecurrentwidelyknownexploited":"35.49","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":18.4275,"vulnote":null}