Cisco IOS and IOS XE TACACS+ Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in the TACACS+ protocol implementation in Cisco IOS and IOS XE Software. It allows an unauthenticated, remote attacker to view sensitive data or bypass authentication. The flaw exists because the software does not verify whether the required TACACS+ shared secret has been configured for a server. A machine-in-the-middle attacker could exploit it to intercept and read unencrypted TACACS+ messages, or to impersonate the TACACS+ server and return accept responses to authentication requests. A successful exploit could give the attacker access to sensitive information carried in TACACS+ messages, or allow the attacker to bypass authentication entirely and gain unauthorized access to the affected device.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the affected device by bypassing TACACS+ authentication. Additionally, an attacker could intercept and read unencrypted TACACS+ messages, potentially exposing sensitive information.

Remediation

To address this vulnerability, ensure that every TACACS+ server configured on the device has a shared secret configured, either per server or through a global TACACS+ key. Cisco has released software updates that fix this vulnerability. For guidance on upgrading to a fixed software release, consult the Cisco Software Checker tool, which identifies the earliest release that addresses this vulnerability.
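A defender-side configuration check for the remediation above, added here as an example that is not Cisco's code or part of the advisory: it scans an IOS/IOS XE running-config for TACACS+ servers defined without a shared secret, covering both the `tacacs server NAME` block form and the legacy `tacacs-server host` form. The sample config is constructed, and the check assumes that a global `tacacs-server key` counts as a secret for any server that lacks a per-server `key`.

```python
import re

# Constructed running-config fragment for illustration; not from the advisory.
SAMPLE_CONFIG = """\
hostname edge-rtr1
!
tacacs server ISE-PRIMARY
 address ipv4 10.0.0.10
 key 7 0822455D0A16
!
tacacs server ISE-SECONDARY
 address ipv4 10.0.0.11
!
tacacs-server host 10.0.0.12 key legacy-secret
tacacs-server host 10.0.0.13
!
aaa new-model
"""


def audit_tacacs_secrets(config: str) -> list[str]:
    """Return names/addresses of TACACS+ servers that have no shared secret."""
    lines = config.splitlines()
    # Assumption: a global key backs any server without its own key line.
    global_key = any(re.match(r"tacacs-server key\s+\S", ln) for ln in lines)
    missing = []
    current = None          # name of the 'tacacs server' block being parsed
    block_has_key = False
    for ln in lines + ["!"]:  # sentinel closes a block at end of file
        m = re.match(r"tacacs server (\S+)", ln)
        if m:
            current, block_has_key = m.group(1), False
            continue
        if current is not None:
            if ln.startswith(" "):          # still inside the block
                if re.match(r"\s+key\s+\S", ln):
                    block_has_key = True
                continue
            if not block_has_key and not global_key:
                missing.append(current)
            current = None                  # non-indented line ends the block
        m = re.match(r"tacacs-server host (\S+)(.*)", ln)
        if m and not re.search(r"\bkey\s+\S", m.group(2)) and not global_key:
            missing.append(m.group(1))
    return missing


if __name__ == "__main__":
    print("TACACS+ servers without a shared secret:", audit_tacacs_secrets(SAMPLE_CONFIG))
```

Feed it the output of `show running-config` from each device to find servers that need a key before (or in addition to) upgrading.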

Added: Sep 24, 2025, 6:57 PM
Updated: Sep 24, 2025, 6:57 PM

Vulnerability Rating

Custom Algorithm
spread          8.1
impact          7.5
exploitability  5.9
remediation     8.3
relevance       0.6
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.