BID:21857

Cisco Clean Access Multiple Remote Vulnerabilities

Info

Cisco Clean Access Multiple Remote Vulnerabilities

Bugtraq ID:	21857
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Jan 03 2007 12:00AM
Updated:	Jan 03 2007 12:00AM
Credit:	Chris Hartley and an unknown reporter are credited with the discovery of these vulnerabilities.
Vulnerable:	Cisco Cisco Clean Access (CCA) 4.0.3 2 Cisco Cisco Clean Access (CCA) 4.0.3 1 Cisco Cisco Clean Access (CCA) 3.6.4 .0.1 Cisco Cisco Clean Access (CCA) 3.6.1 1 Cisco Cisco Clean Access (CCA) 3.6 .0.1 Cisco Cisco Clean Access (CCA) 3.5.9 Cisco Cisco Clean Access (CCA) 3.5.8 Cisco Cisco Clean Access (CCA) 3.5.4 Cisco Cisco Clean Access (CCA) 3.5.3 Cisco Cisco Clean Access (CCA) 3.5.2 Cisco Cisco Clean Access (CCA) 3.5.1 Cisco Cisco Clean Access (CCA) 3.5 Cisco Cisco Clean Access (CCA) 3.6.4.2

Not Vulnerable:	Cisco Cisco Clean Access (CCA) 4.1 Cisco Cisco Clean Access (CCA) 4.0.4 Cisco Cisco Clean Access (CCA) 3.6.4 3 Cisco Cisco Clean Access (CCA) 3.6.2 Cisco Cisco Clean Access (CCA) 3.5.10

Discussion

Cisco Clean Access Multiple Remote Vulnerabilities

Cisco Clean Access (CCA) is prone to multiple remote vulnerabilities, including an arbitrary file-download vulnerability and an authentication-bypass vulnerability.

An attacker can exploit these issues to download arbitrary database snapshots and gain unauthorized access to the affected application.

The authentication-bypass vulnerability affects version 3.6 prior to 3.6.4.3 and version 4.0 prior to 4.0.4. The authentication-bypass vulnerability affects version 3.5 prior to 3.5.10 and version 3.6 prior to 3.6.2.

Exploit / POC

Cisco Clean Access Multiple Remote Vulnerabilities

An attacker can exploit these issues by using standard network utilities.

Solution / Fix

Cisco Clean Access Multiple Remote Vulnerabilities

Solution:
The vendor released updates to address these issues. Please see the references for more information.

References

Cisco Clean Access Multiple Remote Vulnerabilities

References: