|
|
|
Credit:
The information has been provided by Cisco Systems Product Security Incident Response Team.
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml
|
|
Vulnerable Systems:
* NAC Software Release version 3.5.x - All 3.5.x versions
* NAC Software Release version 3.6.x - All 3.6.x versions prior to 3.6.4.4
* NAC Software Release version 4.0.x - All 4.0.x versions prior to 4.0.6
* NAC Software Release version 4.1.x - All 4.1.x versions prior to 4.1.2
Immune Systems:
* Cisco NAC Appliance software versions 3.6.4.4 and later in the 3.6.x Release
* Cisco NAC Appliance software versions 4.0.6 and later in the 4.0.x Release
* Cisco NAC Appliance software versions 4.1.2 and later in the 4.1.x Release
The Cisco NAC Appliance solution allows network administrators to authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to allowing users onto the network. The solution identifies whether machines are compliant with security policies and repairs vulnerabilities before permitting access to the network.
A vulnerability exists in the Cisco NAC Appliance that can allow an attacker to obtain the shared secret used by the CAS and the CAM from error logs that are transmitted over the network. Obtaining this information could enable an attacker to gain complete control of the CAS remotely over the network.
This vulnerability is documented in Cisco Bug ID CSCsj33976 ( registered customers only).
Impact:
Successful exploitation of the vulnerability could allow an attacker to take complete control of the CAS remotely over the network.
CVE Information:
CVE-2008-1155
|
|
|
|