Cisco Network Admission Control Appliance Discloses Clean Access Server and Clean Access Manager Shared Secret
|
|
SecurityTracker Alert ID: 1019859 |
|
SecurityTracker URL: http://securitytracker.com/id/1019859
|
|
CVE Reference:
CVE-2008-1155
(Links to External Site)
|
Date: Apr 16 2008
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.5.x, 3.6.x prior to 3.6.4.4, 4.0.x prior to 4.0.6, 4.1.x prior to 4.1.2
|
Description:
A vulnerability was reported in the Cisco Network Admission Control appliance. A remote user can obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).
A remote user monitoring the network can obtain the shared secret used by the CAS and the CAM from error logs that are transmitted over the network.
The remote user can then gain full control of the CAS.
Cisco has assigned Cisco Bug ID CSCsj33976 to this vulnerability.
The vendor discovered this vulnerability.
|
Impact:
A remote user can obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).
|
Solution:
The vendor has issued fixed versions (3.6.4.4, 4.0.6, 4.1.2).
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 16 Apr 2008 10:43:41 -0400
Subject: Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability
|
http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml
CVE-2008-1155
|
|
