CVE-2007-0057

Current Description

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.

Basic Data

PublishedJanuary 04, 2007
Last ModifiedNovember 01, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-255
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoNetwork Admission Control Manager And Server System Software********3.6.0.03.6.4.2
    2.3ApplicationCiscoNetwork Admission Control Manager And Server System Software********4.0.0.04.0.3.2

Vulnerable Software List

VendorProductVersions
Cisco Network Admission Control Manager And Server System Software *

References

NameSourceURLTags
32578http://osvdb.org/32578OSVDBBroken Link
23617http://secunia.com/advisories/23617SECUNIAThird Party Advisory
1017465http://securitytracker.com/id?1017465SECTRACKThird Party Advisory VDB Entry
20070103 Multiple Vulnerabilities in Cisco Clean Accesshttp://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtmlCISCOPATCH Vendor Advisory
ADV-2007-0030http://www.vupen.com/english/advisories/2007/0030VUPENThird Party Advisory