Summary
=======
A vulnerability exists in the Cisco Network Admission Control (NAC)
Appliance that can allow an attacker to obtain the shared secret that
is used between the Cisco Clean Access Server (CAS) and the Cisco Clean
Access Manager (CAM).
Cisco has released free software updates that address this
vulnerability.
* Cisco Computer Telephony Integration Object Server (CTI)
* Cisco IOS Software
* Cisco IP/TV
* Cisco Meetingplace
* Cisco Mobile Wireless Fault Mediator (MWFM)
* Cisco NAC Appliance (formerly Cisco Clean Access)
* Cisco Secure Access Control Server (ACS)
* Cisco Secure Desktop
* Cisco Security Agent
* Cisco Security Monitoring, Analysis and Response System (MARS)
* Cisco SSL VPN Client (SVC)
currently known to be affected by this vulnerability.
Details
=======
The Cisco NAC (formerly Cisco Clean Access) solution allows network
administrators to authenticate, authorize, evaluate, and remediate
wired, wireless, and remote users and their machines prior to
allowing users onto the network. The solution identifies whether
machines are compliant with security policies and repairs
vulnerabilities before permitting access to the network. You can use
| | |
|----------------------------+-------------------------------|
| Cisco Unified MeetingPlace | CSCtd02709 |
| | |
|----------------------------+-------------------------------|
| Cisco NAC Appliance (Clean | CSCtd01453 |
| Access) | |
|----------------------------+-------------------------------|
| Cisco NAC Guest Server | CSCtd01462 |
| | |
|----------------------------+-------------------------------|
