1. CVE-Search
  2. CVE-2005-4332
ID CVE-2005-4332
Summary Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.5:*:*:*:*:*:*:*
CVSS
Base: 9.4 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:C/A:C
refmap via4
bid 15909
bugtraq
  • 20051216 DoS in Cisco Clean Access
  • 20051221 Cisco Security Response: DoS in Cisco Clean Access
cisco 20051221 Response to DoS in Cisco Clean Access
misc http://www.awarenetwork.org/forum/viewtopic.php?p=2236
osvdb
  • 21956
  • 21957
  • 21958
sectrack 1015375
secunia 18103
sreason 265
vupen ADV-2005-3007
Last major update 30-10-2018 - 16:26
Published 17-12-2005 - 11:03
Last modified 30-10-2018 - 16:26
Back to Top