Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4332

Overview

Vulnerability Score 9.4 9.4
CVE Id CVE-2005-4332
Last Modified 07 Mar 2011 09:28:01
Published 17 Dec 2005 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4332

Summary

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.

Vulnerable Systems

Operating System

  • Cisco Clean Access 3.3

  • Cisco Clean Access 3.3.1

  • Cisco Clean Access 3.3.2

  • Cisco Clean Access 3.3.3

  • Cisco Clean Access 3.3.4

  • Cisco Clean Access 3.3.5

  • Cisco Clean Access 3.3.6

  • Cisco Clean Access 3.3.7

  • Cisco Clean Access 3.3.8

  • Cisco Clean Access 3.3.9

  • Cisco Clean Access 3.4

  • Cisco Clean Access 3.4.1

  • Cisco Clean Access 3.4.2

  • Cisco Clean Access 3.4.3

  • Cisco Clean Access 3.4.4

  • Cisco Clean Access 3.4.5

  • Cisco Clean Access 3.5

  • Cisco Clean Access 3.5.1

  • Cisco Clean Access 3.5.2

  • Cisco Clean Access 3.5.3

  • Cisco Clean Access 3.5.4

  • Cisco Clean Access 3.5.5


References

VUPEN - ADV-2005-3007

BID - 15909

BUGTRAQ - 20051221 Cisco Security Response: DoS in Cisco Clean Access

BUGTRAQ - 20051216 DoS in Cisco Clean Access

CISCO - 20051221 Response to DoS in Cisco Clean Access

MISC - http://www.awarenetwork.org/forum/viewtopic.php?p=2236

SECTRACK - 1015375

SECUNIA - 18103

OSVDB - 21958

OSVDB - 21957

OSVDB - 21956

SREASON - 265


Last Updated: 27 May 2016 10:41:16