PT-2005-3521 · Cisco · Cisco Clean Access

Published

2005-08-20

Updated

2018-10-30

CVE-2005-2631

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco Clean Access (CCA) versions 3.3.0 through 3.3.9 Cisco Clean Access (CCA) versions 3.4.0 through 3.4.5 Cisco Clean Access (CCA) versions 3.5.0 through 3.5.3

Description The issue concerns improper user authentication when invoking API methods. This could allow remote attackers to bypass security checks, change a user's assigned role, or disconnect users.

Recommendations For versions 3.3.0 through 3.3.9, update to a version that properly authenticates users when invoking API methods. For versions 3.4.0 through 3.4.5, update to a version that properly authenticates users when invoking API methods. For versions 3.5.0 through 3.5.3, update to a version that properly authenticates users when invoking API methods.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2631

Affected Products

Cisco Clean Access

PT-2005-3521 · Cisco · Cisco Clean Access

CVE-2005-2631

Related Identifiers

Affected Products

References · 5