Critical

CVE-2005-4332 - Unspecified vulnerability in Cisco Clean Access

Publication: 2005-12-17

Summary

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.

Risk level (CVSS 9.4)

Critical


Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Cisco Clean Access 3.3
  • Cisco Clean Access 3.3.1
  • Cisco Clean Access 3.3.2
  • Cisco Clean Access 3.3.3
  • Cisco Clean Access 3.3.4
  • Cisco Clean Access 3.3.5
  • Cisco Clean Access 3.3.6
  • Cisco Clean Access 3.3.7
  • Cisco Clean Access 3.3.8
  • Cisco Clean Access 3.3.9
  • Cisco Clean Access 3.4
  • Cisco Clean Access 3.4.1
  • Cisco Clean Access 3.4.2
  • Cisco Clean Access 3.4.3
  • Cisco Clean Access 3.4.4
  • Cisco Clean Access 3.4.5
  • Cisco Clean Access 3.5
  • Cisco Clean Access 3.5.1
  • Cisco Clean Access 3.5.2
  • Cisco Clean Access 3.5.3
  • Cisco Clean Access 3.5.4
  • Cisco Clean Access 3.5.5