🚨 SEVERITY: HIGH — CVSS 8.1 Security Advisory

TL;DR 📌

A vulnerability in Cisco IOS and IOS XE Software could allow unauthenticated remote attackers to bypass TACACS+ authentication or view sensitive data. The highest CVSS score is 8.1, classified as High severity. Cisco has released fixes, and workarounds are available.

What happened 🕵️‍♂️

A vulnerability has been identified in the TACACS+ protocol implementation within Cisco IOS and IOS XE Software. The issue arises because the software does not properly check whether the required TACACS+ shared secret is configured. As a result, an attacker could intercept unencrypted TACACS+ messages or impersonate the TACACS+ server, potentially gaining unauthorized access to sensitive information or bypassing authentication altogether.
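
Because the root cause is a TACACS+ server defined without a shared secret, a saved running-config can be audited for that condition. The script below is an added example, not Cisco's or this advisory's own code; the sample configuration, server names and key strings are constructed, and it assumes a global `tacacs-server key` acts as the fallback secret for servers that define none.

```python
import re

# Constructed sample running-config fragment (not taken from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
!
tacacs server TAC-PRIMARY
 address ipv4 192.0.2.10
 key EXAMPLE-SECRET
!
tacacs server TAC-BACKUP
 address ipv4 192.0.2.11
 timeout 5
!
tacacs-server host 192.0.2.12 timeout 5
tacacs-server host 192.0.2.13 key EXAMPLE-SECRET
"""

def find_keyless_tacacs_servers(config: str) -> list[str]:
    """Return names/addresses of TACACS+ servers with no shared secret."""
    has_key = {}          # server name or address -> per-server key present?
    global_key = False
    current = None        # name of the 'tacacs server' block being read
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None    # any unindented line closes the block
        if m := re.match(r"tacacs server (\S+)", line):
            current = m.group(1)
            has_key[current] = False
        elif current and re.match(r"\s+key\s+\S+", line):
            has_key[current] = True
        elif m := re.match(r"tacacs-server host (\S+)(.*)", line):
            # Legacy one-line form: the key, if any, is on the same line.
            has_key[m.group(1)] = bool(re.search(r"\skey\s+\S+", m.group(2)))
        elif re.match(r"tacacs-server key\s+\S+", line):
            global_key = True
    # Assumption: a global 'tacacs-server key' is the fallback secret for
    # servers that define none of their own.
    return [] if global_key else [s for s, ok in has_key.items() if not ok]

if __name__ == "__main__":
    for server in find_keyless_tacacs_servers(SAMPLE_CONFIG):
        print(f"TACACS+ server without shared secret: {server}")
```

Any server the script reports should be given a shared secret or removed from the configuration, in addition to applying the fixed software.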