Unrated severityNVD Advisory· Published Nov 7, 2012· Updated Apr 29, 2026

CVE-2012-5424

Description

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.

Affected products

Cisco Systems, Inc./Secure Access Control Server4 versions
cpe:2.3:a:cisco:secure_access_control_server:5.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:cisco:secure_access_control_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:5.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000