Network Access Control Bypass in Cisco Devices
CVE-2006-4982

Currently unrated

Key Information:

Vendor: Cisco
Status: Network Access Control
Vendor: CVE Published:; 26 September 2006

Summary

Cisco NAC has a vulnerability that stems from its maintenance of an exception list, which only records device MAC addresses without additional properties. This oversight allows an attacker, who is physically near the network, to exploit this weakness. By spoofing the MAC address of a legitimate device, such as a printer, they can gain unauthorized access to the local network. This vulnerability raises serious concerns regarding the effectiveness of network access control measures and the potential for unauthorized users to compromise network security.

References

http://www.securityfocus.com/archive/1/446421/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.insightix.com/files/pdf/Bypassing_NAC_Solution...

x_refsource_MISC

http://www.osvdb.org/30978

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Sep 26, 2006
Vulnerability Reserved
Sep 25, 2006