Details of VAR-200701-0591

ID

VAR-200701-0591

CVE

CVE-2007-0057

TITLE

CCA Vulnerable to unauthorized access

Trust: 0.8

sources: JVNDB: JVNDB-2007-001323

DESCRIPTION

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. Cisco Clean Access (CCA) is prone to a remote security vulnerability. Cisco Clean Access (CCA) is a software solution for automatically detecting, quarantining, and cleaning devices infected with malicious code from accessing the network. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Successful exploitation may allow administrative access to a Cisco Access Server, but requires that the attacker is able to establish TCP connections to the target. The security issue is reported in versions 3.6.x - 3.6.4.2 and 4.0.x - 4.0.3.2. SOLUTION: Update to version 3.6.4.3, 4.0.4 and 4.1.0 or apply patch Patch-CSCsg24153.tar.gz. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/en/US/products/products_security_advisory09186a00807b6621.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-0057 // JVNDB: JVNDB-2007-001323 // BID: 86817 // VULHUB: VHN-23419 // PACKETSTORM: 53424

AFFECTED PRODUCTS

vendor:	cisco	model:	network admission control manager and server system software	scope:	gte	version:	3.6.0.0	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	gte	version:	4.0.0.0	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	lt	version:	4.0.3.2	Trust: 1.0
vendor:	cisco	model:	network admission control manager and server system software	scope:	lte	version:	3.6.4.2	Trust: 1.0
vendor:	cisco	model:	clean access	scope:	eq	version:	3.5.9	Trust: 0.9
vendor:	cisco	model:	clean access	scope:	eq	version:	3.6.x to 3.6.4.2 and 4.0.x to 4.0.3.2	Trust: 0.8
vendor:	cisco	model:	clean access	scope:	eq	version:	4.0.4.2	Trust: 0.6
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.6.0.1	Trust: 0.6
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.6.1	Trust: 0.6
vendor:	cisco	model:	clean access	scope:	eq	version:	3.6.4.0.1	Trust: 0.6
vendor:	cisco	model:	clean access	scope:	eq	version:	3.6.1.1	Trust: 0.6
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.6.2	Trust: 0.6
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.6.2.1	Trust: 0.6
vendor:	cisco	model:	network admission control manager and server system software	scope:	eq	version:	3.6.1.1	Trust: 0.6
vendor:	cisco	model:	clean access	scope:	eq	version:	3.6.0.1	Trust: 0.6
vendor:	cisco	model:	clean access	scope:	eq	version:	3.6.11	Trust: 0.3

sources: BID: 86817 // JVNDB: JVNDB-2007-001323 // CNNVD: CNNVD-200701-009 // NVD: CVE-2007-0057

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0057
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-0057
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200701-009
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-23419
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0057
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23419
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-23419 // JVNDB: JVNDB-2007-001323 // CNNVD: CNNVD-200701-009 // NVD: CVE-2007-0057

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.1

sources: VULHUB: VHN-23419 // NVD: CVE-2007-0057

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-009

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-200701-009

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001323

PATCH

title:

cisco-sa-20070103-CleanAccess

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070103-CleanAccess

Trust: 0.8

sources: JVNDB: JVNDB-2007-001323

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0057	Trust: 2.8
db:	SECTRACK	id:	1017465	Trust: 2.0
db:	SECUNIA	id:	23617	Trust: 1.8
db:	OSVDB	id:	32578	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0030	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001323	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-009	Trust: 0.7
db:	CISCO	id:	20070103 MULTIPLE VULNERABILITIES IN CISCO CLEAN ACCESS	Trust: 0.6
db:	BID	id:	86817	Trust: 0.4
db:	VULHUB	id:	VHN-23419	Trust: 0.1
db:	PACKETSTORM	id:	53424	Trust: 0.1

sources: VULHUB: VHN-23419 // BID: 86817 // JVNDB: JVNDB-2007-001323 // PACKETSTORM: 53424 // CNNVD: CNNVD-200701-009 // NVD: CVE-2007-0057

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070103-cleanaccess.shtml	Trust: 2.0
url:	http://securitytracker.com/id?1017465	Trust: 2.0
url:	http://osvdb.org/32578	Trust: 1.7
url:	http://secunia.com/advisories/23617	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/0030	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0057	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0057	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/0030	Trust: 0.6
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a00807b6621.shtml	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/product/5561/	Trust: 0.1
url:	http://secunia.com/advisories/23617/	Trust: 0.1
url:	http://secunia.com/product/13140/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-23419 // BID: 86817 // JVNDB: JVNDB-2007-001323 // PACKETSTORM: 53424 // CNNVD: CNNVD-200701-009 // NVD: CVE-2007-0057

CREDITS

Unknown

Trust: 0.3

sources: BID: 86817

SOURCES

db:	VULHUB	id:	VHN-23419
db:	BID	id:	86817
db:	JVNDB	id:	JVNDB-2007-001323
db:	PACKETSTORM	id:	53424
db:	CNNVD	id:	CNNVD-200701-009
db:	NVD	id:	CVE-2007-0057

LAST UPDATE DATE

2025-04-10T23:18:16.139000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-23419	date:	2018-11-01T00:00:00
db:	BID	id:	86817	date:	2007-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2007-001323	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-009	date:	2007-01-05T00:00:00
db:	NVD	id:	CVE-2007-0057	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-23419	date:	2007-01-04T00:00:00
db:	BID	id:	86817	date:	2007-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2007-001323	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	53424	date:	2007-01-04T17:16:54
db:	CNNVD	id:	CNNVD-200701-009	date:	2007-01-04T00:00:00
db:	NVD	id:	CVE-2007-0057	date:	2007-01-04T22:28:00