PT-2008-2749 · Cisco · Cisco Network Admission Control Appliance+2
Published
2008-04-16
·
Updated
2017-08-08
·
CVE-2008-1155
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Network Admission Control (NAC) Appliance versions 3.5.x through 3.6.3, versions 4.0.x through 4.0.5, and versions 4.1.x through 4.1.1
Description
The issue allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs.
Recommendations
For versions 3.5.x, update to version 3.6.4.4 or later.
For versions 3.6.x before 3.6.4.4, update to version 3.6.4.4 or later.
For versions 4.0.x before 4.0.6, update to version 4.0.6 or later.
For versions 4.1.x before 4.1.2, update to version 4.1.2 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Network Admission Control Appliance
Clean Access Manager
Clean Access Server