Vulnerabilities > Cisco > Network Admission Control Manager AND Server System Software > 4.0.3.1

DATE	CVE	VULNERABILITY TITLE	RISK
2013-04-18	CVE-2013-1177	SQL Injection vulnerability in Cisco Network Admission Control Manager and Server System Software SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. network low complexity cisco CWE-89	7.5
2007-01-04	CVE-2007-0057	Credentials Management vulnerability in Cisco Network Admission Control Manager and Server System Software Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. network low complexity cisco CWE-255 critical	10.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.