Details of VAR-200609-0497

ID

VAR-200609-0497

CVE

CVE-2006-4982

TITLE

Cisco NAC Vulnerable to local network connection

Trust: 0.8

sources: JVNDB: JVNDB-2006-001308

DESCRIPTION

Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer

Trust: 2.34

sources: NVD: CVE-2006-4982 // JVNDB: JVNDB-2006-001308 // CNVD: CNVD-2006-7397 // VULHUB: VHN-21090 // VULMON: CVE-2006-4982

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-7397

AFFECTED PRODUCTS

vendor:	cisco	model:	network access control	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	network access control	scope:	eq	version:	*	Trust: 1.0
vendor:	xampp	model:	apache friends	scope:	eq	version:	1.5.2	Trust: 0.6

sources: CNVD: CNVD-2006-7397 // JVNDB: JVNDB-2006-001308 // CNNVD: CNNVD-200609-429 // NVD: CVE-2006-4982

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4982
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-4982
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2006-7397
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-200609-429
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-21090
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2006-4982
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-4982
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2006-7397
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-21090
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2006-7397 // VULHUB: VHN-21090 // VULMON: CVE-2006-4982 // JVNDB: JVNDB-2006-001308 // CNNVD: CNNVD-200609-429 // NVD: CVE-2006-4982

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4982

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200609-429

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200609-429

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001308

PATCH

title:

Top Page

url:

http://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001308

EXTERNAL IDS

db:	NVD	id:	CVE-2006-4982	Trust: 3.2
db:	OSVDB	id:	30978	Trust: 2.4
db:	JVNDB	id:	JVNDB-2006-001308	Trust: 0.8
db:	CNNVD	id:	CNNVD-200609-429	Trust: 0.7
db:	CNVD	id:	CNVD-2006-7397	Trust: 0.6
db:	BUGTRAQ	id:	20060919 WHITE PAPER RELEASE: BYPASSING NETWORK ACCESS CONTROL (NAC) SYSTEMS	Trust: 0.6
db:	BID	id:	84231	Trust: 0.2
db:	VULHUB	id:	VHN-21090	Trust: 0.1
db:	VULMON	id:	CVE-2006-4982	Trust: 0.1

sources: CNVD: CNVD-2006-7397 // VULHUB: VHN-21090 // VULMON: CVE-2006-4982 // JVNDB: JVNDB-2006-001308 // CNNVD: CNNVD-200609-429 // NVD: CVE-2006-4982

REFERENCES

url:	http://www.osvdb.org/30978	Trust: 2.4
url:	http://www.insightix.com/files/pdf/bypassing_nac_solutions_whitepaper.pdf	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/446421/100/0/threaded	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4982	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4982	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/446421/100/0/threaded	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/84231	Trust: 0.1

sources: CNVD: CNVD-2006-7397 // VULHUB: VHN-21090 // VULMON: CVE-2006-4982 // JVNDB: JVNDB-2006-001308 // CNNVD: CNNVD-200609-429 // NVD: CVE-2006-4982

SOURCES

db:	CNVD	id:	CNVD-2006-7397
db:	VULHUB	id:	VHN-21090
db:	VULMON	id:	CVE-2006-4982
db:	JVNDB	id:	JVNDB-2006-001308
db:	CNNVD	id:	CNNVD-200609-429
db:	NVD	id:	CVE-2006-4982

LAST UPDATE DATE

2024-08-14T14:15:40.593000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-7397	date:	2006-09-25T00:00:00
db:	VULHUB	id:	VHN-21090	date:	2018-10-17T00:00:00
db:	VULMON	id:	CVE-2006-4982	date:	2018-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2006-001308	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200609-429	date:	2006-09-27T00:00:00
db:	NVD	id:	CVE-2006-4982	date:	2018-10-17T21:40:44.640

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-7397	date:	2006-09-25T00:00:00
db:	VULHUB	id:	VHN-21090	date:	2006-09-26T00:00:00
db:	VULMON	id:	CVE-2006-4982	date:	2006-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2006-001308	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200609-429	date:	2006-09-25T00:00:00
db:	NVD	id:	CVE-2006-4982	date:	2006-09-26T02:07:00