Vulnerability Description
Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Network Access Control | All versions |
References
- http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf
- http://www.osvdb.org/30978
- http://www.securityfocus.com/archive/1/446421/100/0/threaded
- http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf
- http://www.osvdb.org/30978
- http://www.securityfocus.com/archive/1/446421/100/0/threaded
FAQ
What is CVE-2006-4982?
CVE-2006-4982 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by s...
How severe is CVE-2006-4982?
CVE-2006-4982 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4982?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Network Access Control.