Cisco Network Admission Control Shared Information Disclosure (cisco-sa-20080416-nac)

critical Nessus Plugin ID 69949

Synopsis

The remote device is missing a vendor-supplied security update.

Description

The remote Cisco Network Admission Control (NAC) is affected by an information disclosure vulnerability. This vulnerability allows an attacker to obtain a shared secret from the error logs, which are sent over the network. This shared secret is used by Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM). If an attacker is able to obtain this shared secret, they can gain complete control of the remote device.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20080416-nac.

See Also

http://www.nessus.org/u?2e809bc0

Plugin Details

Severity: Critical

ID: 69949

File Name: cisco-sa-20080416-nac.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 9/18/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:network_admission_control

Required KB Items: Host/Cisco/NAC/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/16/2008

Vulnerability Publication Date: 4/16/2008

Reference Information

CVE: CVE-2008-1155

BID: 28807

CWE: 200

CISCO-SA: cisco-sa-20080416-nac

CISCO-BUG-ID: CSCsj33976