VAR-200701-0591
Vulnerability from variot - Updated: 2023-12-18 13:15Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. Cisco Clean Access (CCA) is prone to a remote security vulnerability. Cisco Clean Access (CCA) is a software solution for automatically detecting, quarantining, and cleaning devices infected with malicious code from accessing the network.
Secunia is proud to announce the availability of the Secunia Software Inspector.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.
Successful exploitation may allow administrative access to a Cisco Access Server, but requires that the attacker is able to establish TCP connections to the target.
The security issue is reported in versions 3.6.x - 3.6.4.2 and 4.0.x - 4.0.3.2.
SOLUTION: Update to version 3.6.4.3, 4.0.4 and 4.1.0 or apply patch Patch-CSCsg24153.tar.gz.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.cisco.com/en/US/products/products_security_advisory09186a00807b6621.shtml
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200701-0591",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network admission control manager and server system software",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6.4.2"
},
{
"model": "network admission control manager and server system software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6.0.0"
},
{
"model": "network admission control manager and server system software",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.2"
},
{
"model": "network admission control manager and server system software",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.0"
},
{
"model": "clean access",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3.5.9"
},
{
"model": "clean access",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.6.x to 3.6.4.2 and 4.0.x to 4.0.3.2"
},
{
"model": "clean access",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0.4.2"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6.0.1"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6.1"
},
{
"model": "clean access",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6.4.0.1"
},
{
"model": "clean access",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6.1.1"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6.2"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6.2.1"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6.1.1"
},
{
"model": "clean access",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.6.0.1"
},
{
"model": "clean access",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.6.11"
}
],
"sources": [
{
"db": "BID",
"id": "86817"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001323"
},
{
"db": "NVD",
"id": "CVE-2007-0057"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.6.4.2",
"versionStartIncluding": "3.6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.3.2",
"versionStartIncluding": "4.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0057"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "86817"
}
],
"trust": 0.3
},
"cve": "CVE-2007-0057",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-0057",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-23419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0057",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200701-009",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-23419",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23419"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001323"
},
{
"db": "NVD",
"id": "CVE-2007-0057"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. Cisco Clean Access (CCA) is prone to a remote security vulnerability. Cisco Clean Access (CCA) is a software solution for automatically detecting, quarantining, and cleaning devices infected with malicious code from accessing the network. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\nSuccessful exploitation may allow administrative access to a Cisco\nAccess Server, but requires that the attacker is able to establish\nTCP connections to the target. \n\nThe security issue is reported in versions 3.6.x - 3.6.4.2 and 4.0.x\n- 4.0.3.2. \n\nSOLUTION:\nUpdate to version 3.6.4.3, 4.0.4 and 4.1.0 or apply patch\nPatch-CSCsg24153.tar.gz. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/en/US/products/products_security_advisory09186a00807b6621.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0057"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001323"
},
{
"db": "BID",
"id": "86817"
},
{
"db": "VULHUB",
"id": "VHN-23419"
},
{
"db": "PACKETSTORM",
"id": "53424"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-0057",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1017465",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "23617",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "32578",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-0030",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001323",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200701-009",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20070103 MULTIPLE VULNERABILITIES IN CISCO CLEAN ACCESS",
"trust": 0.6
},
{
"db": "BID",
"id": "86817",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-23419",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "53424",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23419"
},
{
"db": "BID",
"id": "86817"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001323"
},
{
"db": "PACKETSTORM",
"id": "53424"
},
{
"db": "NVD",
"id": "CVE-2007-0057"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
]
},
"id": "VAR-200701-0591",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23419"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:15:49.492000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20070103-CleanAccess",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20070103-cleanaccess"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001323"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23419"
},
{
"db": "NVD",
"id": "CVE-2007-0057"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070103-cleanaccess.shtml"
},
{
"trust": 2.0,
"url": "http://securitytracker.com/id?1017465"
},
{
"trust": 1.7,
"url": "http://osvdb.org/32578"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/23617"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0030"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0057"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0057"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0030"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00807b6621.shtml"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5561/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23617/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13140/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23419"
},
{
"db": "BID",
"id": "86817"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001323"
},
{
"db": "PACKETSTORM",
"id": "53424"
},
{
"db": "NVD",
"id": "CVE-2007-0057"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23419"
},
{
"db": "BID",
"id": "86817"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001323"
},
{
"db": "PACKETSTORM",
"id": "53424"
},
{
"db": "NVD",
"id": "CVE-2007-0057"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-23419"
},
{
"date": "2007-01-04T00:00:00",
"db": "BID",
"id": "86817"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001323"
},
{
"date": "2007-01-04T17:16:54",
"db": "PACKETSTORM",
"id": "53424"
},
{
"date": "2007-01-04T22:28:00",
"db": "NVD",
"id": "CVE-2007-0057"
},
{
"date": "2007-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-23419"
},
{
"date": "2007-01-04T00:00:00",
"db": "BID",
"id": "86817"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001323"
},
{
"date": "2018-11-01T16:53:19.347000",
"db": "NVD",
"id": "CVE-2007-0057"
},
{
"date": "2007-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CCA Vulnerable to unauthorized access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001323"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-009"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…