Authentication Bypass in Cisco Secure ACS Through Cisco Trust Agent
CVE-2007-1800

Currently unrated

Key Information:

Vendor: Cisco
Status: Trust Agent
Vendor: CVE Published:; 2 April 2007

Summary

The Cisco Secure ACS platform is vulnerable to an authentication bypass issue when the Cisco Trust Agent (CTA) transmits posture information. This flaw may enable remote attackers to gain unauthorized network access by presenting a spoofed Network Endpoint Assessment posture, commonly referred to as 'NACATTACK.' Although the exploit is primarily limited to authenticated users and devices within the network, its implications could lead to significant security risks, allowing malicious entities to circumvent intended access controls.

References

http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speake...

x_refsource_MISC

http://osvdb.org/34123

vdb-entryx_refsource_OSVDB

http://www.cisco.com/en/US/products/products_security_res...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Apr 2, 2007
Vulnerability Reserved
Apr 2, 2007