CVE-2007-0058

Current Description

Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.

Basic Data

Published: January 04, 2007
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 7.8
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Cisco | Network Admission Control Manager And Server System Software | * | * | * | * | * | * | * | * | 3.5.0 | 3.5.9 | |
    2.3 | Application | Cisco | Network Admission Control Manager And Server System Software | * | * | * | * | * | * | * | * | 3.6.0.0 | 3.6.1.1 | |

Vulnerable Software List

Vendor | Product | Versions
Cisco | Network Admission Control Manager And Server System Software | *

References

Name | Source | URL | Tags
23556 | SECUNIA | http://secunia.com/advisories/23556 | Third Party Advisory
1017465 | SECTRACK | http://securitytracker.com/id?1017465 | Third Party Advisory, VDB Entry
20070103 Multiple Vulnerabilities in Cisco Clean Access | CISCO | http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml | Vendor Advisory
32579 | OSVDB | http://www.osvdb.org/32579 | Broken Link
ADV-2007-0030 | VUPEN | http://www.vupen.com/english/advisories/2007/0030 | Third Party Advisory