Vulnerability Description
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Network Admission Control Manager And Server System Software | >= 3.5.0, <= 3.5.9 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/23556 (Third Party Advisory)
- http://securitytracker.com/id?1017465 (Third Party Advisory, VDB Entry)
- http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml (Vendor Advisory)
- http://www.osvdb.org/32579 (Broken Link)
- http://www.vupen.com/english/advisories/2007/0030 (Third Party Advisory)
FAQ
What is CVE-2007-0058?
CVE-2007-0058 is a vulnerability with a CVSS score of 7.8 (HIGH). Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups...
How severe is CVE-2007-0058?
CVE-2007-0058 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0058?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Network Admission Control Manager And Server System Software.