Cisco Network Admission Control (NAC) Appliance unauthorized access

cisco-nac-unauthorized-access (41849) The risk level is classified as HighHigh Risk

Description:

The Cisco Network Admission Control (NAC) Appliance could allow a remote attacker to gain control of the system. By using a network sniffing tool, a remote attacker could obtain the shared secret from the error logs for the Clean Access Server (CAS) and Clean Access Manager (CAM). An attacker could exploit this vulnerability to gain complete control over an affected system.

Platforms Affected:

  • Cisco, Network Admission Control 3.5
  • Cisco, Network Admission Control 3.6
  • Cisco, Network Admission Control 3.6.0
  • Cisco, Network Admission Control 3.6.0.1
  • Cisco, Network Admission Control 3.6.1.1
  • Cisco, Network Admission Control 3.6.2.1
  • Cisco, Network Admission Control 3.6.2.2
  • Cisco, Network Admission Control 3.6.4.1
  • Cisco, Network Admission Control 3.6.4.2
  • Cisco, Network Admission Control 3.6.4.3
  • Cisco, Network Admission Control 4.0
  • Cisco, Network Admission Control 4.0.0.1
  • Cisco, Network Admission Control 4.0.1
  • Cisco, Network Admission Control 4.0.2
  • Cisco, Network Admission Control 4.0.2.1
  • Cisco, Network Admission Control 4.0.2.2
  • Cisco, Network Admission Control 4.0.3
  • Cisco, Network Admission Control 4.0.3.1
  • Cisco, Network Admission Control 4.0.3.2
  • Cisco, Network Admission Control 4.0.3.3
  • Cisco, Network Admission Control 4.0.4
  • Cisco, Network Admission Control 4.0.5
  • Cisco, Network Admission Control 4.0.5.0
  • Cisco, Network Admission Control 4.0.5.1
  • Cisco, Network Admission Control 4.1
  • Cisco, Network Admission Control 4.1.0
  • Cisco, Network Admission Control 4.1.1

Remedy:

Refer to cisco-sa-20080416-nac for patch, upgrade or suggested workaround information. See References.

Consequences:

Gain Access

References:

  • cisco-sa-20080416-nac, Control Shared Secret Vulnerability at http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml.
  • BID-28807: Cisco Network Admission Control Shared Secret Information Disclosure Vulnerability
  • CVE-2008-1155: Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs.
  • SA29822: Cisco Network Admission Control Information Disclosure Security Issue
  • SECTRACK ID: 1019859: Cisco Network Admission Control Appliance Discloses Clean Access Server and Clean Access Manager Shared Secret
  • VUPEN/ADV-2008-1248: Cisco Network Admission Control Shared Secret Disclosure Vulnerability

Reported:

Apr 16, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page