Cisco Downloadable RADIUS Policies Information Disclosure Vulnerability

Cisco PIX and VPN 3000 concentrators, when managed by Cisco Secure Access Control Servers are vulnerable to an information disclosure vulnerability. This issue is due to a design flaw that communicates sensitive information over an unencrypted communications channel.

This issue allows remote attackers with the ability to gain access to sensitive information if they can sniff network packets traveling between affected devices and the RADIUS server. This information potentially aids them in further attacks.

Specific Cisco versions and products affected by this issue are not currently known. The list of affected packages will be updated as further information is disclosed.


Privacy Statement
Copyright 2010, SecurityFocus