CVE-2006-4430

Sažetak

The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.

Reference

http://archive.cert.uni-stuttgart.de/archive/bugtraq/2005/08/msg00200.html
http://www.cisco.com/en/US/products/ps6128/products_security_notice09186a00804fa82b.html
http://www.cisco.com/en/US/products/ps6128/tsd_products_security_response09186a008071d609.html
http://www.securityfocus.com/archive/1/408603/30/0/threaded
http://www.securityfocus.com/archive/1/444424/100/0/threaded
http://www.securityfocus.com/archive/1/444501/100/0/threaded
http://www.securityfocus.com/archive/1/444737/100/0/threaded
http://www.securityfocus.com/bid/19726

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

30-10-2018 - 16:26

Objavljeno

29-08-2006 - 00:04