VYPR
Unrated severityNVD Advisory· Published Mar 6, 2015· Updated Jun 17, 2026

CVE-2015-0607

CVE-2015-0607

Description

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • cpe:2.3:o:cisco:ios:15.4\(100\)t:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:o:cisco:ios:15.4\(100\)t:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(1\)t:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(1\)t1:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(1\)t2:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(1\)t3:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(1\)t4:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(2\)t:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(2\)t1:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(2\)t2:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4\(2\)t3:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:ios:15.4t:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.