Details of VAR-200609-0498

ID

VAR-200609-0498

CVE

CVE-2006-4983

TITLE

Cisco NAC Vulnerabilities in which control methods can be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2006-001309

DESCRIPTION

Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols

Trust: 2.25

sources: NVD: CVE-2006-4983 // JVNDB: JVNDB-2006-001309 // CNVD: CNVD-2006-7385 // VULHUB: VHN-21091

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-7385

AFFECTED PRODUCTS

vendor:	cisco	model:	network access control	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	network access control	scope:	eq	version:	*	Trust: 1.0
vendor:	photopost	model:	php pro photopost	scope:	eq	version:	4.5	Trust: 0.6
vendor:	photopost	model:	php pro photopost	scope:	eq	version:	4.6	Trust: 0.6

sources: CNVD: CNVD-2006-7385 // JVNDB: JVNDB-2006-001309 // CNNVD: CNNVD-200609-439 // NVD: CVE-2006-4983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4983
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-4983
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2006-7385
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-200609-439
value:	HIGH
Trust: 0.6
VULHUB:	VHN-21091
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-4983
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2006-7385
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-21091
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2006-7385 // VULHUB: VHN-21091 // JVNDB: JVNDB-2006-001309 // CNNVD: CNNVD-200609-439 // NVD: CVE-2006-4983

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-439

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200609-439

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001309

PATCH

title:

Top Page

url:

http://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001309

EXTERNAL IDS

db:	NVD	id:	CVE-2006-4983	Trust: 3.1
db:	OSVDB	id:	30977	Trust: 2.3
db:	JVNDB	id:	JVNDB-2006-001309	Trust: 0.8
db:	CNNVD	id:	CNNVD-200609-439	Trust: 0.7
db:	CNVD	id:	CNVD-2006-7385	Trust: 0.6
db:	BUGTRAQ	id:	20060919 WHITE PAPER RELEASE: BYPASSING NETWORK ACCESS CONTROL (NAC) SYSTEMS	Trust: 0.6
db:	BID	id:	84234	Trust: 0.1
db:	VULHUB	id:	VHN-21091	Trust: 0.1

sources: CNVD: CNVD-2006-7385 // VULHUB: VHN-21091 // JVNDB: JVNDB-2006-001309 // CNNVD: CNNVD-200609-439 // NVD: CVE-2006-4983

REFERENCES

url:	http://www.osvdb.org/30977	Trust: 2.3
url:	http://www.insightix.com/files/pdf/bypassing_nac_solutions_whitepaper.pdf	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/446421/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4983	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4983	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/446421/100/0/threaded	Trust: 0.6

sources: CNVD: CNVD-2006-7385 // VULHUB: VHN-21091 // JVNDB: JVNDB-2006-001309 // CNNVD: CNNVD-200609-439 // NVD: CVE-2006-4983

SOURCES

db:	CNVD	id:	CNVD-2006-7385
db:	VULHUB	id:	VHN-21091
db:	JVNDB	id:	JVNDB-2006-001309
db:	CNNVD	id:	CNNVD-200609-439
db:	NVD	id:	CVE-2006-4983

LAST UPDATE DATE

2024-08-14T14:15:40.541000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-7385	date:	2006-09-25T00:00:00
db:	VULHUB	id:	VHN-21091	date:	2018-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2006-001309	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200609-439	date:	2006-09-27T00:00:00
db:	NVD	id:	CVE-2006-4983	date:	2018-10-17T21:40:44.857

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-7385	date:	2006-09-25T00:00:00
db:	VULHUB	id:	VHN-21091	date:	2006-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2006-001309	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200609-439	date:	2006-09-25T00:00:00
db:	NVD	id:	CVE-2006-4983	date:	2006-09-26T02:07:00