Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users.
https://exchange.xforce.ibmcloud.com/vulnerabilities/21884
http://www.securityfocus.com/bid/14585
http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml