• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Cisco Network Admission Control Shared Secret Information Disclosure Vulnerability

Cisco Network Admission Control (NAC) appliance is prone to a remote information-disclosure vulnerability because it fails to securely transmit potentially sensitive data over the network.

Attackers can exploit this issue to harvest the shared secret used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM) to gain unauthorized access to the appliance. This may facilitate the complete compromise of the device and may lead to further attacks. This issue is documented in Cisco Bug ID CSCsj33976.

This issue affects the following versions of the NAC appliance software:

- all 3.5 versions
- all 3.6 versions prior to 3.6.4.4
- all 4.0 versions prior to 4.0.6
- all 4.1 versions prior to 4.1.2