SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Network Admission Control Vendors:   Cisco
Cisco Network Admission Control Appliance Discloses Clean Access Server and Clean Access Manager Shared Secret
SecurityTracker Alert ID:  1019859
SecurityTracker URL:  http://securitytracker.com/id/1019859
CVE Reference:   CVE-2008-1155   (Links to External Site)
Date:  Apr 16 2008
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.5.x, 3.6.x prior to 3.6.4.4, 4.0.x prior to 4.0.6, 4.1.x prior to 4.1.2
Description:   A vulnerability was reported in the Cisco Network Admission Control appliance. A remote user can obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).

A remote user monitoring the network can obtain the shared secret used by the CAS and the CAM from error logs that are transmitted over the network.

The remote user can then gain full control of the CAS.

Cisco has assigned Cisco Bug ID CSCsj33976 to this vulnerability.

The vendor discovered this vulnerability.
Impact:   A remote user can obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).
Solution:   The vendor has issued fixed versions (3.6.4.4, 4.0.6, 4.1.2).

The vendor's advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml
Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents


[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC