Vulnerabilities > CVE-2006-4982 - Unspecified vulnerability in Cisco Network Access Control
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
References
- http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf
- http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf
- http://www.osvdb.org/30978
- http://www.osvdb.org/30978
- http://www.securityfocus.com/archive/1/446421/100/0/threaded
- http://www.securityfocus.com/archive/1/446421/100/0/threaded