Cisco reveals multiple Clean Access flaws

Cisco Systems has reported multiple privilege-escalation vulnerabilities affecting the networking giant's Clean Access software solution. The flaws could be exploited by attackers to "bypass security restrictions or gain knowledge of sensitive information," according to a French Security Incident Response Team (FrSIRT) advisory. The first flaw is caused by the improper configuration of a secret shared by the Cisco Clean Access Manager (CAM) and Clean Access Server (CAS). The second is caused when manual database backups, or snapshots, stored on the CAM are given predictable filenames.

According to a Cisco advisory, backups taken on CAM are "not encrypted or otherwise protected."

FrSIRT rated the vulnerabilities "high risk," while Secunia assigned them a "moderately critical" rating.

There are no workarounds, although the Cisco advisory suggests administrators remove "readable snapshot files" soon after they are created.

