Details of VAR-200512-0144

ID

VAR-200512-0144

CVE

CVE-2005-4332

TITLE

Cisco Clean Access Multiple JSP Page access validation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200512-366

DESCRIPTION

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp. Cisco Clean Access is prone to a vulnerability that could allow unauthorized users to access various Web server JSP pages. This could allow an attacker to upload unauthorized data, cause denial of service issues, and possibly take unauthorized actions through accessing inappropriate JSP pages. Cisco Clean Access version 3.5.5 is reported vulnerable; prior versions may also be affected. Cisco has stated that this issue is being tracked by bug ID CSCsc85405. Similar issues exist in apply_firmware_action.jsp and file.jsp. The vulnerability is caused due to missing authentication on several obsolete JSP files (e.g. "/admin/uploadclient.jsp", "apply_firmware_action.jsp" and "file.jsp") that is present on the Secure Smart Manager. This can be exploited to upload files onto the affected system without requiring authentication, potentially to cause a DoS by filling up the disk space. The vulnerability has been reported in 3.5.5. Other versions may also be affected. SOLUTION: Apply patch. http://www.cisco.com/pcgi-bin/tablebuild.pl/cca-patches?psrtdcat20e2 PROVIDED AND/OR DISCOVERED BY: Alex Lanstein ORIGINAL ADVISORY: CISCO: http://www.cisco.com/warp/public/707/cisco-response-20051221-CCA.shtml Alex Lanstein: http://www.awarenetwork.org/forum/viewtopic.php?p=2236 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-4332 // BID: 15909 // VULHUB: VHN-15540 // PACKETSTORM: 42497

AFFECTED PRODUCTS

vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.4.3	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.4	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.5	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.7	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.9	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.8	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.3	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.4	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.2	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.5	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.6	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.4.5	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.4.4	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.5.4	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.3.1	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.4.2	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.5.3	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.5.2	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.5.1	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.5.5	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.4.1	Trust: 1.0
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.9	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.8	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.7	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.6	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.5	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.4	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.3	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.2	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3.1	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.3	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.5.5	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.5.3	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.5	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.4.5	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.4.4	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.4.3	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.4.2	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.4.1	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	eq	version:	3.4	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	ne	version:	3.6.0.1	Trust: 0.3
vendor:	cisco	model:	clean access	scope:	ne	version:	3.5(9)	Trust: 0.3

sources: BID: 15909 // CNNVD: CNNVD-200512-366 // NVD: CVE-2005-4332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-4332
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200512-366
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-15540
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-4332
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-15540
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-15540 // CNNVD: CNNVD-200512-366 // NVD: CVE-2005-4332

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-366

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200512-366

EXTERNAL IDS

db:	BID	id:	15909	Trust: 2.0
db:	SECUNIA	id:	18103	Trust: 1.8
db:	NVD	id:	CVE-2005-4332	Trust: 1.7
db:	SECTRACK	id:	1015375	Trust: 1.7
db:	OSVDB	id:	21956	Trust: 1.7
db:	OSVDB	id:	21958	Trust: 1.7
db:	OSVDB	id:	21957	Trust: 1.7
db:	VUPEN	id:	ADV-2005-3007	Trust: 1.7
db:	SREASON	id:	265	Trust: 1.7
db:	CNNVD	id:	CNNVD-200512-366	Trust: 0.7
db:	BUGTRAQ	id:	20051221 CISCO SECURITY RESPONSE: DOS IN CISCO CLEAN ACCESS	Trust: 0.6
db:	BUGTRAQ	id:	20051216 DOS IN CISCO CLEAN ACCESS	Trust: 0.6
db:	CISCO	id:	20051221 RESPONSE TO DOS IN CISCO CLEAN ACCESS	Trust: 0.6
db:	VULHUB	id:	VHN-15540	Trust: 0.1
db:	PACKETSTORM	id:	42497	Trust: 0.1

sources: VULHUB: VHN-15540 // BID: 15909 // PACKETSTORM: 42497 // CNNVD: CNNVD-200512-366 // NVD: CVE-2005-4332

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-response-20051221-cca.shtml	Trust: 1.8
url:	http://www.awarenetwork.org/forum/viewtopic.php?p=2236	Trust: 1.8
url:	http://www.securityfocus.com/bid/15909	Trust: 1.7
url:	http://www.osvdb.org/21956	Trust: 1.7
url:	http://www.osvdb.org/21957	Trust: 1.7
url:	http://www.osvdb.org/21958	Trust: 1.7
url:	http://securitytracker.com/id?1015375	Trust: 1.7
url:	http://secunia.com/advisories/18103	Trust: 1.7
url:	http://securityreason.com/securityalert/265	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/419645/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/420008/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2005/3007	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/420008/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/419645/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2005/3007	Trust: 0.6
url:	http://www.cisco.com/en/us/products/ps6128/index.html	Trust: 0.3
url:	/archive/1/420008	Trust: 0.3
url:	/archive/1/419645	Trust: 0.3
url:	http://secunia.com/advisories/18103/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/5561/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://www.cisco.com/pcgi-bin/tablebuild.pl/cca-patches?psrtdcat20e2	Trust: 0.1

sources: VULHUB: VHN-15540 // BID: 15909 // PACKETSTORM: 42497 // CNNVD: CNNVD-200512-366 // NVD: CVE-2005-4332

CREDITS

Alex Lanstein alex@box.sk

Trust: 0.6

sources: CNNVD: CNNVD-200512-366

SOURCES

db:	VULHUB	id:	VHN-15540
db:	BID	id:	15909
db:	PACKETSTORM	id:	42497
db:	CNNVD	id:	CNNVD-200512-366
db:	NVD	id:	CVE-2005-4332

LAST UPDATE DATE

2024-08-14T14:35:41.376000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-15540	date:	2018-10-30T00:00:00
db:	BID	id:	15909	date:	2005-12-16T00:00:00
db:	CNNVD	id:	CNNVD-200512-366	date:	2006-01-23T00:00:00
db:	NVD	id:	CVE-2005-4332	date:	2018-10-30T16:26:16.280

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-15540	date:	2005-12-17T00:00:00
db:	BID	id:	15909	date:	2005-12-16T00:00:00
db:	PACKETSTORM	id:	42497	date:	2005-12-23T08:37:20
db:	CNNVD	id:	CNNVD-200512-366	date:	2005-12-17T00:00:00
db:	NVD	id:	CVE-2005-4332	date:	2005-12-17T11:03:00