Sign-up

ID

VAR-200508-0080


CVE

CVE-2005-2631


TITLE

Cisco Clean Access API Access verification vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200508-270

DESCRIPTION

Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users. Cisco Clean Access (CCA) is a software solution that automatically detects, quarantines, and cleans infected or vulnerable devices attempting to access the network. The vulnerability is caused due to missing authentication when invoking CCA Manager API methods. or gain knowledge of information on configured users. The vulnerability affects versions 3.3.0 through 3.3.9, 3.4.0 through 3.4.5, and 3.5.0 through 3.5.3. SOLUTION: Update to version 3.5.4 or later or apply patch. http://www.cisco.com/pcgi-bin/tablebuild.pl/cca-patches Versions 3.3.0 and prior are not affected. PROVIDED AND/OR DISCOVERED BY: The vendor credits Troy Holder. ORIGINAL ADVISORY: Cisco Systems: http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.44

sources: NVD: CVE-2005-2631 // BID: 14585 // VULHUB: VHN-13840 // VULMON: CVE-2005-2631 // PACKETSTORM: 39472

AFFECTED PRODUCTS

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.4.3

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.4

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.5

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.7

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.9

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.8

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.3

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.4

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.2

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.5

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.6

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.4.5

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.4.4

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.3.1

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.4.2

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.5.3

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.5.2

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.5.1

Trust: 1.0

vendor:ciscomodel:network admission control manager and server system softwarescope:eqversion:3.4.1

Trust: 1.0

vendor:ciscomodel:clean accessscope:eqversion:3.5.3

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.5.2

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.5.1

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.5

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.4.5

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.4.4

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.4.3

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.4.2

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.4.1

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.4

Trust: 0.9

vendor:ciscomodel:clean accessscope:eqversion:3.3.9

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3.8

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3.7

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3.6

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3.5

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3.4

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3.3

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3.2

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3.1

Trust: 0.3

vendor:ciscomodel:clean accessscope:eqversion:3.3

Trust: 0.3

vendor:ciscomodel:clean accessscope:neversion:3.5.4

Trust: 0.3

sources: BID: 14585 // CNNVD: CNNVD-200508-270 // NVD: CVE-2005-2631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-2631
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200508-270
value: HIGH

Trust: 0.6

VULHUB: VHN-13840
value: HIGH

Trust: 0.1

VULMON: CVE-2005-2631
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-2631
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-13840
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-13840 // VULMON: CVE-2005-2631 // CNNVD: CNNVD-200508-270 // NVD: CVE-2005-2631

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200508-270

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200508-270

PATCH

title:Cisco: Cisco Clean Access Unauthenticated API Accessurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20050817-cca

Trust: 0.1

sources: VULMON: CVE-2005-2631

EXTERNAL IDS

db:BIDid:14585

Trust: 2.1

db:SECUNIAid:16472

Trust: 1.9

db:NVDid:CVE-2005-2631

Trust: 1.8

db:CNNVDid:CNNVD-200508-270

Trust: 0.7

db:XFid:21884

Trust: 0.6

db:CISCOid:20050817 CISCO SECURITY ADVISORY: CISCO CLEAN ACCESS UNAUTHENTICATED API ACCESS

Trust: 0.6

db:VULHUBid:VHN-13840

Trust: 0.1

db:VULMONid:CVE-2005-2631

Trust: 0.1

db:PACKETSTORMid:39472

Trust: 0.1

sources: VULHUB: VHN-13840 // VULMON: CVE-2005-2631 // BID: 14585 // PACKETSTORM: 39472 // CNNVD: CNNVD-200508-270 // NVD: CVE-2005-2631

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml

Trust: 1.9

url:http://secunia.com/advisories/16472/

Trust: 1.9

url:http://www.securityfocus.com/bid/14585

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/21884

Trust: 1.2

url:http://xforce.iss.net/xforce/xfdb/21884

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html

Trust: 0.3

url:http://www.cisco.com/en/us/products/products_security_advisory09186a00804f3127.shtml

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=9613

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/5561/

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/tablebuild.pl/cca-patches

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-13840 // VULMON: CVE-2005-2631 // BID: 14585 // PACKETSTORM: 39472 // CNNVD: CNNVD-200508-270 // NVD: CVE-2005-2631

CREDITS

Troy Holder

Trust: 0.6

sources: CNNVD: CNNVD-200508-270

SOURCES

db:VULHUBid:VHN-13840
db:VULMONid:CVE-2005-2631
db:BIDid:14585
db:PACKETSTORMid:39472
db:CNNVDid:CNNVD-200508-270
db:NVDid:CVE-2005-2631

LAST UPDATE DATE

2024-08-14T14:59:21.415000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-13840date:2018-10-30T00:00:00
db:VULMONid:CVE-2005-2631date:2018-10-30T00:00:00
db:BIDid:14585date:2005-08-17T00:00:00
db:CNNVDid:CNNVD-200508-270date:2005-10-20T00:00:00
db:NVDid:CVE-2005-2631date:2018-10-30T16:26:16.280

SOURCES RELEASE DATE

db:VULHUBid:VHN-13840date:2005-08-23T00:00:00
db:VULMONid:CVE-2005-2631date:2005-08-23T00:00:00
db:BIDid:14585date:2005-08-17T00:00:00
db:PACKETSTORMid:39472date:2005-08-19T04:15:49
db:CNNVDid:CNNVD-200508-270date:2005-08-23T00:00:00
db:NVDid:CVE-2005-2631date:2005-08-23T04:00:00