Vulnerability Name:

CVE-2005-4332 (CCN-23698)

Assigned:2005-12-16
Published:2005-12-16
Updated:2018-10-30
Summary:Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
CVSS v3 Severity:9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.4 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availability (A): Complete
9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-4332

Source: MITRE
Type: CNA
CVE-2005-4825

Source: CCN
Type: SA18103
Cisco Clean Access Manager Obsolete JSP Files Vulnerability

Source: SECUNIA
Type: UNKNOWN
18103

Source: SREASON
Type: UNKNOWN
265

Source: CCN
Type: SECTRACK ID: 1015375
Cisco Clean Access Lack of Authentication in Secure Smart Manager Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1015375

Source: MISC
Type: Vendor Advisory
http://www.awarenetwork.org/forum/viewtopic.php?p=2236

Source: CCN
Type: Cisco Security Notice - Document ID: 68479
Response to DoS in Cisco Clean Access

Source: CISCO
Type: UNKNOWN
20051221 Response to DoS in Cisco Clean Access

Source: OSVDB
Type: UNKNOWN
21956

Source: OSVDB
Type: UNKNOWN
21957

Source: OSVDB
Type: UNKNOWN
21958

Source: CCN
Type: OSVDB ID: 21956
Cisco Clean Access Secure Smart Manager /admin/uploadclient.jsp Authentication Bypass File Upload DoS

Source: CCN
Type: OSVDB ID: 21957
Cisco Clean Access Secure Smart Manager apply_firmware_action.jsp Authentication Bypass File Upload DoS

Source: CCN
Type: OSVDB ID: 21958
Cisco Clean Access Secure Smart Manager file.jsp Authentication Bypass File Upload DoS

Source: CCN
Type: OSVDB ID: 21959
Cisco Clean Access Secure Smart Manager ieee8021x.jsp Authentication Bypass File Upload DoS

Source: BUGTRAQ
Type: UNKNOWN
20051216 DoS in Cisco Clean Access

Source: BUGTRAQ
Type: UNKNOWN
20051221 Cisco Security Response: DoS in Cisco Clean Access

Source: BID
Type: UNKNOWN
15909

Source: CCN
Type: BID-15909
Cisco Clean Access Multiple JSP Pages Access Validation Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-3007

Source: XF
Type: UNKNOWN
cisco-cca-file-upload-dos(23698)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco network admission control manager and server system software 3.3
    cisco network admission control manager and server system software 3.3.1
    cisco network admission control manager and server system software 3.3.2
    cisco network admission control manager and server system software 3.3.3
    cisco network admission control manager and server system software 3.3.4
    cisco network admission control manager and server system software 3.3.5
    cisco network admission control manager and server system software 3.3.6
    cisco network admission control manager and server system software 3.3.7
    cisco network admission control manager and server system software 3.3.8
    cisco network admission control manager and server system software 3.3.9
    cisco network admission control manager and server system software 3.4
    cisco network admission control manager and server system software 3.4.1
    cisco network admission control manager and server system software 3.4.2
    cisco network admission control manager and server system software 3.4.3
    cisco network admission control manager and server system software 3.4.4
    cisco network admission control manager and server system software 3.4.5
    cisco network admission control manager and server system software 3.5
    cisco network admission control manager and server system software 3.5.1
    cisco network admission control manager and server system software 3.5.2
    cisco network admission control manager and server system software 3.5.3
    cisco network admission control manager and server system software 3.5.4
    cisco network admission control manager and server system software 3.5.5