PT-2005-5020 · Cisco · Cisco Clean Access
Alex Lanstein
·
Publicado
2005-12-17
·
Atualizado
2018-10-30
·
CVE-2005-4332
CVSS v2.0
9.4
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Clean Access versions 3.5.5 and earlier
Description
The issue allows remote attackers to bypass authentication, cause a denial of service, or upload files by making direct requests to obsolete JSP files, including "admin/uploadclient.jsp", "apply firmware action.jsp", and "file.jsp".
Recommendations
For Cisco Clean Access versions 3.5.5 and earlier, restrict access to the obsolete JSP files, including
admin/uploadclient.jsp, apply firmware action.jsp, and file.jsp, to minimize the risk of exploitation.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cisco Clean Access