1. CVE-Search
  2. CVE-2005-2631
ID CVE-2005-2631
Summary Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.5.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 14585
cisco 20050817 Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access
secunia 16472
xf cisco-cca-security-bypass(21884)
Last major update 30-10-2018 - 16:26
Published 23-08-2005 - 04:00
Last modified 30-10-2018 - 16:26
Back to Top