U-006: Cisco Network Admission Control Manager Directory Traversal Flaw Lets Remote Users Obtain Potentially Sensitive Information

October 7, 2011 - 8:45am

PROBLEM:

Cisco Network Admission Control Manager Directory Traversal Flaw Lets Remote Users Obtain Potentially Sensitive Information

PLATFORM:

Cisco NAC Manager software versions 4.8.X
Cisco NAC Manager software versions 4.7.X and earlier are not affected

ABSTRACT:
 

An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.
 

REFERENCE LINKS:
  

Cisco Security Advisory Document ID: 113189
SecurityTracker Alert ID: 1026142
CVE-2011-3305

 

IMPACT ASSESSMENT:

High

Discussion:

A vulnerability was reported in Cisco Network Admission Control Manager. A remote user can supply a specially crafted request to view files on the target system, including password files and system logs. The appliance itself is not affected.

Impact:

An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.

Solution:

The vendor has issued a fix: Cisco NAC Appliance 4.9

 
