Authentication Bypass and Denial of Service in Cisco Clean Access
CVE-2005-4825

Currently unrated

Key Information:

Vendor: Cisco
Status: Network Admission Control Manager And Server System Software
Vendor: CVE Published:; 31 December 2005

Summary

Cisco Clean Access versions up to 3.5.5 face significant vulnerabilities that allow remote attackers to exploit the system by bypassing authentication. This can lead to unauthorized file access and denial of service attacks characterized by disk consumption. The exploitation involves uploading files through specific requests to vulnerable JSP scripts, revealing inherent weaknesses in the system's security architecture. Users of affected versions are encouraged to review security advisories and implement recommended updates to mitigate potential risks.

References

http://www.securityfocus.com/archive/1/419645/30/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/21959

vdb-entryx_refsource_OSVDB

http://www.cisco.com/warp/public/707/cisco-response-20051...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2005