In association with heise online

17 April 2008, 12:19

Vulnerability in Cisco NAC enables server capture

Cisco has reported a vulnerability in its Network Admission Control (NAC) products that can give attackers complete remote control of the Clean Access Server (CAS). Attackers can obtain the shared secret that protects communications between the Clean Access Server and the Clean Access Manager (CAM). The shared secret is evidently contained in error logs transmitted over the network.

The affected software includes NAC Appliance software versions 3.5.x, 3.6.x, 4.0.x and 4.1.x. Administrators using version 3.5.x should contact Cisco to discuss options for fixing the problem. For the other affected software, Cisco is providing versions 4.0.6 and 4.1.2, which are said to eliminate the vulnerability. Registered administrators should download these from the Cisco web site and install them without delay.
