Authentication Bypass in Cisco Clean Access by Cisco Systems
CVE-2005-4332

Currently unrated

Key Information:

Vendor
Cisco
CVE Published:
17 December 2005

Summary

Cisco Clean Access versions up to 3.5.5 on Secure Smart Manager are susceptible to an authentication bypass vulnerability. Remote attackers can send direct requests to obsolete JSP files, which can result in unauthorized file upload and potential denial of service (DoS). The vulnerable files include admin/uploadclient.jsp, apply_firmware_action.jsp, and file.jsp, which puts systems running this software at risk of exploitation. Organizations should mitigate this vulnerability immediately by updating to a secure version and monitoring their systems for suspicious activity.
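For the monitoring step, the following added example (not part of the advisory and not Cisco code) flags access-log requests that reach any of the three JSP files named above. It assumes Common/Combined Log Format access logs; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# JSP files named in the summary above.
OBSOLETE_JSPS = ("admin/uploadclient.jsp", "apply_firmware_action.jsp", "file.jsp")

# Assumption: access logs are in Common/Combined Log Format.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Dec/2005:10:01:02 +0000] "POST /admin/uploadclient.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [17/Dec/2005:10:01:09 +0000] "GET /admin/%75ploadclient.jsp;jsessionid=x HTTP/1.1" 404 0',
    '192.0.2.10 - - [17/Dec/2005:10:02:00 +0000] "GET /admin/profile.jsp?id=1 HTTP/1.1" 200 900',
    '198.51.100.9 - - [17/Dec/2005:10:03:30 +0000] "GET /admin/./FILE.JSP?name=a HTTP/1.1" 403 0',
]

def normalize(target):
    """Canonicalize a request target so encoded or mixed-case forms still match."""
    path = target.split("?", 1)[0]
    for _ in range(3):                      # undo nested percent-encoding
        path = unquote(path)
    segments = []
    for seg in path.replace("\\", "/").lower().split("/"):
        seg = seg.split(";", 1)[0]          # drop ;jsessionid-style parameters
        if seg == "..":
            if segments:
                segments.pop()
        elif seg not in ("", "."):
            segments.append(seg)
    return "/".join(segments)

def find_hits(lines):
    """Return one record per request whose path resolves to an obsolete JSP."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        for jsp in OBSOLETE_JSPS:
            if path == jsp or path.endswith("/" + jsp):
                status = int(m["status"])
                hits.append({"src": m["src"], "method": m["method"], "jsp": jsp,
                             "status": status, "processed": status < 400})
                break
    return hits
```

Records with `processed` set to true are the ones to review first, since the server answered the request instead of rejecting it.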

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
