CVE-2005-4499

CVE Database · CVE-2005-4499

CVE-2005-4499

· N/AModified

CVSS v3.1

N/A

EPSS

1.97%

Published

Dec 22, 2005

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.

Affected Products (156)

cisco · vpn_3001_concentratorvulnerable

cisco · vpn_3015_concentratorvulnerable

cisco · vpn_3020_concentratorvulnerable

cisco · vpn_3030_concentatorvulnerable

cisco · vpn_3060_concentratorvulnerable

cisco · vpn_3080_concentratorvulnerable

cisco · adaptive_security_appliance_softwarevulnerable

cisco · adaptive_security_appliance_software