Wednesday, August 17, 2005

Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access

Via the Cisco website.

Summary:

Cisco Clean Access (CCA) is a software solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network.

CCA includes as part of the architecture an Application Program Interface (API). Lack of authentication while invoking API methods can allow an attacker to bypass security posture checking, change the assigned role for a user, disconnect users and can also lead to information disclosure on configured users.

Cisco has made free software patches available to address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml.

0 Comments:

Post a Comment

<< Home