Man-in-the-Middle Attack Vulnerability in Cisco Network Admission Control for Mac OS X
CVE-2013-1124

Currently unrated

Key Information:

Vendor: Cisco
Status: Network Admission Control
Vendor: CVE Published:; 28 February 2013

Summary

The Cisco Network Admission Control (NAC) agent for Mac OS X has a security flaw in its handling of SSL sessions. It fails to validate the X.509 certificate of an Identity Services Engine (ISE) server, allowing attackers to execute man-in-the-middle attacks. By using an arbitrary SSL certificate, malicious actors can impersonate ISE servers, potentially compromising sensitive information and network integrity.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 28, 2013