|
|
|
|
| |
"Cisco Clean Access (NAC Appliance) is an easily deployed Network Admission Control (NAC) solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network - regardless of the access method. "
Cisco Clean Access does not validate user authentication, allowing attackers to upload any file they wish to the server, and even cause a DoS by filling up all the storage space. |
| |
Credit:
The information has been provided by Alex.
The original article can be found at: http://www.awarenetwork.org/forum/viewtopic.php?p=2236
|
| |
Vulnerable Systems:
* Cisco Clean Access version 3.5.5
A user without a username or password can upload files to a web visible folder using the pages: /admin/uploadclient.jsp, apply_firmware_action.jsp or file.jsp. The user could also fill up the drive as it seems, aside from /boot, the rest of the drive is one big partition. Filling up the drive would most definitely cause the system to lock up in its current configuration.
|
|
|
|
|
|
|
|
|
|
