Vulnerability Description
Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Network Access Control | All versions |
References
- http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf
- http://www.osvdb.org/30977
- http://www.securityfocus.com/archive/1/446421/100/0/threaded
- http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf
- http://www.osvdb.org/30977
- http://www.securityfocus.com/archive/1/446421/100/0/threaded
FAQ
What is CVE-2006-4983?
CVE-2006-4983 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one ...
How severe is CVE-2006-4983?
CVE-2006-4983 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4983?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Network Access Control.