Vulnerabilities > CVE-2005-4332 - JSP Pages Access Validation vulnerability in Cisco Clean Access

CVSS 9.4 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

cisco

critical

NVD

Published: 2005-12-17

Updated: 2018-10-30

Summary

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Network Admission Control Manager AND Server System Software 3.3 Cisco Network Admission Control Manager AND Server System Software 3.3.1 Cisco Network Admission Control Manager AND Server System Software 3.3.2 Cisco Network Admission Control Manager AND Server System Software 3.3.3 Cisco Network Admission Control Manager AND Server System Software 3.3.4 Cisco Network Admission Control Manager AND Server System Software 3.3.5 Cisco Network Admission Control Manager AND Server System Software 3.3.6 Cisco Network Admission Control Manager AND Server System Software 3.3.7 Cisco Network Admission Control Manager AND Server System Software 3.3.8 Cisco Network Admission Control Manager AND Server System Software 3.3.9 Cisco Network Admission Control Manager AND Server System Software 3.4 Cisco Network Admission Control Manager AND Server System Software 3.4.1 Cisco Network Admission Control Manager AND Server System Software 3.4.2 Cisco Network Admission Control Manager AND Server System Software 3.4.3 Cisco Network Admission Control Manager AND Server System Software 3.4.4 Cisco Network Admission Control Manager AND Server System Software 3.4.5 Cisco Network Admission Control Manager AND Server System Software 3.5 Cisco Network Admission Control Manager AND Server System Software 3.5.1 Cisco Network Admission Control Manager AND Server System Software 3.5.2 Cisco Network Admission Control Manager AND Server System Software 3.5.3 Cisco Network Admission Control Manager AND Server System Software 3.5.4 Cisco Network Admission Control Manager AND Server System Software 3.5.5	22

Summary

Vulnerable Configurations

References