7 matches found
CVE-2013-1177
CVE-2013-1177 affects Cisco Network Admission Control (NAC) Manager. The vulnerability is a SQL injection in NAC Manager that, per sources, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Affected versions are NAC Manager before 4.8.3.1 and 4.9.x before 4.9.2. T...
CVE-2007-0057
CVE-2007-0057 affects Cisco Clean Access (CCA) 3.6.x (3.6.4.2 and earlier) and 4.0.x (4.0.3.2 and earlier). The root cause is improper configuration or modification of the shared secret authentication key, causing all devices to share the same secret. This enables remote attackers to gain unautho...
CVE-2005-4332
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager is affected by CVE-2005-4332. The issue allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files, specifically admin/uploadclient.jsp, apply_firmware_ac...
CVE-2005-4825
Cisco Clean Access 3.5.5 and earlier on Secure Smart Manager is affected. The CVE describes that remote attackers can bypass authentication and cause a denial of service (disk consumption) or access unauthorized files by uploading files through requests to certain JSP scripts. The underlying issu...
CVE-2007-0058
CVE-2007-0058 affects Cisco Clean Access (CCA) on the Clean Access Manager (CAM): versions 3.5.x up to 3.5.9 and 3.6.x up to 3.6.1.1 allow remote attackers to bypass authentication and download arbitrary manual database backups by brute-forcing the snapshot filename and requesting the file direct...
CVE-2006-4430
Cisco Network Admission Control (NAC) 3.6.4.1 and earlier is affected. The issue allows remote attackers to disrupt installation of the Cisco Clean Access (CCA) Agent and bypass protection mechanisms by either modifying the HTTP User-Agent header or altering TCP/IP stack behavior. The published n...
CVE-2005-2631
Concretely, CVE-2005-2631 affects Cisco Clean Access (CCA) versions 3.3.0–3.3.9, 3.4.0–3.4.5, and 3.5.0–3.5.3. The root cause is improper authentication when invoking API methods, potentially allowing remote attackers to bypass security checks, change a user’s assigned role, or disconnect users. ...