PT-2005-5020 · Cisco · Cisco Clean Access

Alex Lanstein

Published

2005-12-17

Updated

2018-10-30

CVE-2005-4332

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Clean Access versions 3.5.5 and earlier

Description The issue allows remote attackers to bypass authentication, cause a denial of service, or upload files by making direct requests to obsolete JSP files, including "admin/uploadclient.jsp", "apply firmware action.jsp", and "file.jsp".

Recommendations For Cisco Clean Access versions 3.5.5 and earlier, restrict access to the obsolete JSP files, including admin/uploadclient.jsp, apply firmware action.jsp, and file.jsp, to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4332

Affected Products

Cisco Clean Access

PT-2005-5020 · Cisco · Cisco Clean Access

CVE-2005-4332

Related Identifiers

Affected Products

References · 13