Vulnerability Description
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Network Admission Control | <= 3.6.4.1 |
| Cisco | Network Admission Control Manager And Server System Software | 3.3 |
References
- http://archive.cert.uni-stuttgart.de/archive/bugtraq/2005/08/msg00200.html
- http://www.cisco.com/en/US/products/ps6128/products_security_notice09186a00804fa
- http://www.cisco.com/en/US/products/ps6128/tsd_products_security_response09186a0
- http://www.securityfocus.com/archive/1/408603/30/0/threaded
- http://www.securityfocus.com/archive/1/444424/100/0/threaded
- http://www.securityfocus.com/archive/1/444501/100/0/threaded
- http://www.securityfocus.com/archive/1/444737/100/0/threaded
- http://www.securityfocus.com/bid/19726
FAQ
What is CVE-2006-4430?
CVE-2006-4430 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by...
How severe is CVE-2006-4430?
CVE-2006-4430 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4430?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Network Admission Control, Cisco Network Admission Control Manager And Server System Software.