OSVDB ID: 21959

Title: Cisco Clean Access Secure Smart Manager ieee8021x.jsp Authentication Bypass File Upload DoS

Info

Disclosure

Dec 16, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Clean Access Manager contains a flaw that may allow a remote denial of service. The issue is caused by the ieee8021x.jsp script failing to require a username and password in order to upload files, and will result in loss of availability for the platform if an attacker chooses to fill the partition with files.

Classification

Location: Remote / Network Access
Impact: Loss of Availability
Exploit: Exploit Public
OSVDB: Web Related, Security Software

Solution

Upgrade to version 3.6(1) or higher, as it has been reported to fix this vulnerability. In addition, Cisco has released a patch for some older versions.

Products

Cisco Systems, Inc.

Clean Access Manager

3.3 (x)
3.4 (x)
3.5 (x)
3.6

References

Credit

  • Alex Lanstein - alexbox.sk -


Direct URL: http://osvdb.org/21959