Lucene search

[email protected]CVE-2006-4430

HistoryAug 29, 2006 - 12:04 a.m.

CVE-2006-4430

2006-08-2900:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cisco

nac

vulnerability

cve-2006-4430

network admission control

nvd

7.7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.156 Low

EPSS

Percentile

95.9%

JSON

The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.

CPENameOperatorVersion
cisco:network_admission_controlcisco network admission controlle3.6.4.1
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.4.1
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.4.2
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.4.3
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.4.4
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.3.2
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.3.3
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.3.4
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.3.5
cisco:network_admission_control_manager_and_server_system_softwarecisco network admission control manager and server system softwareeq3.3.6

CPE	Name	Operator	Version
cisco:network_admission_control	cisco network admission control	le	3.6.4.1
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.4.1
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.4.2
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.4.3
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.4.4
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.3.2
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.3.3
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.3.4
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.3.5
cisco:network_admission_control_manager_and_server_system_software	cisco network admission control manager and server system software	eq	3.3.6

Rows per page:

1-10 of 261

References

archive.cert.uni-stuttgart.de/archive/bugtraq/2005/08/msg00200.html

www.cisco.com/en/US/products/ps6128/products_security_notice09186a00804fa82b.html

www.cisco.com/en/US/products/ps6128/tsd_products_security_response09186a008071d609.html

www.securityfocus.com/archive/1/408603/30/0/threaded

www.securityfocus.com/archive/1/444424/100/0/threaded

www.securityfocus.com/archive/1/444501/100/0/threaded

www.securityfocus.com/archive/1/444737/100/0/threaded

www.securityfocus.com/bid/19726

7.7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.156 Low

EPSS

Percentile

95.9%

JSON

Related for CVE-2006-4430

cvelist1