Vulnerability Name:

CVE-2005-4825 (CCN-23698)

Assigned:2005-12-16
Published:2005-12-16
Updated:2018-10-30
Summary:Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332.
CVSS v3 Severity:9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:5.7 Medium (CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-4332

Source: MITRE
Type: CNA
CVE-2005-4825

Source: CCN
Type: SA18103
Cisco Clean Access Manager Obsolete JSP Files Vulnerability

Source: CCN
Type: SECTRACK ID: 1015375
Cisco Clean Access Lack of Authentication in Secure Smart Manager Lets Remote Users Deny Service

Source: CCN
Type: Cisco Security Notice - Document ID: 68479
Response to DoS in Cisco Clean Access

Source: CISCO
Type: Patch, Vendor Advisory
20051221 Response to DoS in Cisco Clean Access

Source: OSVDB
Type: Vendor Advisory
21959

Source: CCN
Type: OSVDB ID: 21956
Cisco Clean Access Secure Smart Manager /admin/uploadclient.jsp Authentication Bypass File Upload DoS

Source: CCN
Type: OSVDB ID: 21957
Cisco Clean Access Secure Smart Manager apply_firmware_action.jsp Authentication Bypass File Upload DoS

Source: CCN
Type: OSVDB ID: 21958
Cisco Clean Access Secure Smart Manager file.jsp Authentication Bypass File Upload DoS

Source: CCN
Type: OSVDB ID: 21959
Cisco Clean Access Secure Smart Manager ieee8021x.jsp Authentication Bypass File Upload DoS

Source: BUGTRAQ
Type: Vendor Advisory
20051216 DoS in Cisco Clean Access

Source: CCN
Type: BID-15909
Cisco Clean Access Multiple JSP Pages Access Validation Vulnerability

Source: XF
Type: UNKNOWN
cisco-cca-file-upload-dos(23698)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5(9):*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:network_admission_control_manager_and_server_system_software:3.5.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco network admission control manager and server system software 3.5
    cisco network admission control manager and server system software 3.5(9)
    cisco network admission control manager and server system software 3.5.1
    cisco network admission control manager and server system software 3.5.2
    cisco network admission control manager and server system software 3.5.3
    cisco network admission control manager and server system software 3.5.4
    cisco network admission control manager and server system software 3.5.5