Cisco issued an advisory yesterday that warns customers about a vulnerability that exists in their NAC appliance. The vulnerability allows an attacker to obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).
Cisco goes out of cycle to patch NAC flaw
Cisco’s NAC Appliance allows network administrators to authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to allowing users onto the network. In short, it identifies whether machines are compliant with security policies and repairs vulnerabilities before permitting access to the network.
The vulnerability in Cisco’s NAC Appliance allows an attacker to obtain the shared secret used by the CAS and the CAM from error logs that are transmitted over the network. Obtaining this information could enable an attacker to gain complete control of the CAS remotely over the network.
Cisco, which recently turned to a biannual patching cycle, has released a critical patch to correct this vulnerability. According to the networking giant, the patch is released as an urgent download, as the vulnerability is rated 10 on the CVSS scale.
You can patch your NAC appliances here: http://www.cisco.com/public/sw-center/ciscosecure/cleanaccess.shtml
NAC software versions 3.5.x up to 4.1.x are affected.
Original Advisory: http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml