Lucene search

Kaspersky LabKLA10104

HistoryJan 31, 2013 - 12:00 a.m.

KLA10104 CI vulnerability in Cisco NAC Appliance

2013-01-3100:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

XSS vulnerabilities were found in the Cisco NAC Appliance. By exploiting this vulnerability malicious users can inject arbitrary web scripts. This vulnerability can be exploited from the network at a point related to web-auth.

Original advisories

Cisco bulletin

Related products

Cisco-NAC-Appliance-(formerly-Cisco-Clean-Access-(CCA))

CVE list

CVE-2012-6029 warning

Solution

Update to latest version

Impacts

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

Affected Products

Cisco NAC Appliance 4.9.2 and earlier

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029

statistics.securelist.com/

threats.kaspersky.com/en/product/Cisco-NAC-Appliance-(formerly-Cisco-Clean-Access-(CCA))/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

Related for KLA10104