Cisco IOS AAA does not properly authenticate users

Risk Level: High

Check or Attack Name: CiscoIOS AAA Authenticate

Platforms: Cisco

Description:

A vulnerability in Cisco IOS AAA authentication processing may allow users unauthorized access. Any user or attacker can issue system commands that they would otherwise be unable to issue, or make connections or send packets to destinations that are usually unreachable. Invoking the vulnerability requires no special skills or knowledge, and a legitimate user can gain network access even without deliberately conducting an attack. The effects of this vulnerability depend on how it's installed, but you should assume that it opens very broad access to your network.

The bug that creates this vulnerability may also result in access being denied to legitimate users, or in system crashes.

Remedy:

IOS v11.3(1.2) and 11.3(1.2)T users should upgrade to 11.3(1.3) and 11.3(1.3)T, or the latest supported version for the device. There is no configuration workaround for this vulnerability, short of completely disabling AAA authentication.
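An added example, not part of the original advisory or of Cisco's field notice: a Python check that compares collected `show version` and running-config text against the two affected releases named above. It assumes the banner carries a "Version x.y(z)" string and that an `aaa new-model` line means AAA is in use; the hostnames and device output are constructed.

```python
import re

# Releases named in the Remedy paragraph as needing an upgrade.
AFFECTED = {"11.3(1.2)", "11.3(1.2)T"}

# IOS release grammar: major.minor(maintenance[.interim]) plus optional train letters.
VERSION_RE = re.compile(r"Version\s+(\d+\.\d+\(\d+(?:\.\d+)?\)[A-Za-z]*)")


def ios_version(show_version):
    """Return the release string found in 'show version' text, or None."""
    m = VERSION_RE.search(show_version)
    return m.group(1) if m else None


def aaa_enabled(running_config):
    """True if 'aaa new-model' is configured; 'no aaa new-model' does not count."""
    return any(line.strip() == "aaa new-model" for line in running_config.splitlines())


def assess(show_version, running_config):
    """Classify one device against the advisory."""
    version = ios_version(show_version)
    if version is None:
        return "unknown"            # banner not parsed: check by hand
    if version not in AFFECTED:
        return "not-listed"         # not a release the advisory names
    # Affected release: exposure depends on AAA being in use (assumption above).
    return "affected-aaa-on" if aaa_enabled(running_config) else "affected-aaa-off"


def audit(inventory):
    """Map each hostname to its assessment."""
    return {host: assess(ver, cfg) for host, (ver, cfg) in inventory.items()}


# Constructed sample data: hostnames, banners and configs are made up.
INVENTORY = {
    "edge-1": ("IOS (tm) 2500 Software (C2500-I-L), Version 11.3(1.2), MAINTENANCE INTERIM SOFTWARE",
               "hostname edge-1\naaa new-model\naaa authentication login default tacacs+\n"),
    "edge-2": ("IOS (tm) 2500 Software (C2500-I-L), Version 11.3(1.2)T, MAINTENANCE INTERIM SOFTWARE",
               "hostname edge-2\nno aaa new-model\n"),
    "core-1": ("IOS (tm) 4500 Software (C4500-I-M), Version 11.3(1.3)T, MAINTENANCE INTERIM SOFTWARE",
               "hostname core-1\naaa new-model\n"),
    "lab-1": ("banner unavailable", ""),
}

if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host}: {status}")
```

Devices reported as `affected-aaa-off` are still running an affected release and fall under the same upgrade advice.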

References:

Cisco Systems Field Notice, Cisco IOS 11.3(1.2) and 11.3(1.2)T AAA Failure, http://www.cisco.com/warp/public/770/aaapair-pub.shtml

Cisco Systems Documentation, AAA Overview, http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt1/scaaa.htm

