Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1155

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-1155
Last Modified 07 Mar 2011 10:06:02
Published 16 Apr 2008 01:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1155

Summary

Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs.

Vulnerable Systems

Application

  • Cisco Network Admission Control 3.5

  • Cisco Network Admission Control 3.6

  • Cisco Network Admission Control 3.6.0

  • Cisco Network Admission Control 3.6.0.1

  • Cisco Network Admission Control 3.6.1.1

  • Cisco Network Admission Control 3.6.2.1

  • Cisco Network Admission Control 3.6.2.2

  • Cisco Network Admission Control 3.6.4.1

  • Cisco Network Admission Control 3.6.4.2

  • Cisco Network Admission Control 3.6.4.3

  • Cisco Network Admission Control 4.0

  • Cisco Network Admission Control 4.0.0.1

  • Cisco Network Admission Control 4.0.2.1

  • Cisco Network Admission Control 4.0.2.2

  • Cisco Network Admission Control 4.0.3.1

  • Cisco Network Admission Control 4.0.3.2

  • Cisco Network Admission Control 4.0.3.3

  • Cisco Network Admission Control 4.0.5.0

  • Cisco Network Admission Control 4.0.5.1

  • Cisco Network Admission Control 4.1

  • Cisco Network Admission Control 4.1.0

  • Cisco Network Admission Control 4.1.1


References

CISCO - 20080416 Cisco Network Admission Control Shared Secret Vulnerability

XF - cisco-nac-unauthorized-access(41849)

VUPEN - ADV-2008-1248

SECTRACK - 1019859

BID - 28807

SECUNIA - 29822


Last Updated: 27 May 2016 10:47:02