Vulnerabilites related to cisco - nac_appliance
CVE-2011-3305 (GCVE-0-2011-3305)
Vulnerability from cvelistv5
Published
2011-10-06 10:00
Modified
2024-08-06 23:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id?1026142 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/46309 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/49954 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/76080 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70335 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml"
},
{
"name": "1026142",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026142"
},
{
"name": "46309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46309"
},
{
"name": "49954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49954"
},
{
"name": "76080",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76080"
},
{
"name": "cisco-nac-directory-traversal(70335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml"
},
{
"name": "1026142",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026142"
},
{
"name": "46309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46309"
},
{
"name": "49954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49954"
},
{
"name": "76080",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76080"
},
{
"name": "cisco-nac-directory-traversal(70335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-3305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml"
},
{
"name": "1026142",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026142"
},
{
"name": "46309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46309"
},
{
"name": "49954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49954"
},
{
"name": "76080",
"refsource": "OSVDB",
"url": "http://osvdb.org/76080"
},
{
"name": "cisco-nac-directory-traversal(70335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-3305",
"datePublished": "2011-10-06T10:00:00",
"dateReserved": "2011-08-29T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6029 (GCVE-0-2012-6029)
Vulnerability from cvelistv5
Published
2013-01-31 11:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/ | x_refsource_MISC | |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
},
{
"name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
},
{
"name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-6029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/",
"refsource": "MISC",
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
},
{
"name": "20130130 Cisco NAC Appliance Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-6029",
"datePublished": "2013-01-31T11:00:00",
"dateReserved": "2012-11-21T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-01-31 12:06
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | nac_appliance | * | |
| cisco | nac_appliance | - | |
| cisco | nac_appliance | 3.6 | |
| cisco | nac_appliance | 4.0 | |
| cisco | nac_appliance | 4.1 | |
| cisco | nac_appliance | 4.5 | |
| cisco | nac_appliance | 4.6 | |
| cisco | nac_appliance | 4.7 | |
| cisco | nac_appliance | 4.7.1 | |
| cisco | nac_appliance | 4.7.2 | |
| cisco | nac_appliance | 4.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B33B0326-450D-4A0D-921C-882648C0D909",
"versionEndIncluding": "4.9.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A22731E5-02B7-481A-925D-DF0B6A1CCA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0688C2-582A-49DE-917E-C74124F4ADD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11D5E336-EA9B-449E-B9B9-EA7F5901545D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE45899-8EA3-411F-82ED-C731498AAD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B8953EA9-0F23-403A-974C-61EA0339C42B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21BC1BB3-BB3B-455B-A266-827294717B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CA925FCD-C2DB-451E-8C03-958C3A40B342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04A81F45-7C52-48A6-8DF7-13286741DBE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B764128-14BA-41A3-BE45-CB3D7D39DE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "21EAE487-8FC8-4518-A260-DE6DB2E217C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n de autenticaci\u00f3n web de Cisco NAC Appliance v4.9.2 y anteriores que permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) cm o (2) par\u00e1metros uri a (a) perfigo_weblogin.jsp, o el (3) cm, (4) provider, (5) session, (6) uri, (7) userip, o (8) par\u00e1metros username a (b) perfigo_cm_validate.jsp, tambi\u00e9n como Bug ID CSCud15109."
}
],
"id": "CVE-2012-6029",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-31T12:06:18.283",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
},
{
"source": "psirt@cisco.com",
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-06 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | nac_manager | 4.8 | |
| cisco | nac_manager | 4.8\(1\) | |
| cisco | nac_manager | 4.8\(2\) | |
| cisco | nac_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:nac_manager:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "462272D0-56D4-4B6E-9391-0E0F8E6F9EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:nac_manager:4.8\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D60ABFAD-5BEB-43E1-A55C-35973180B59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:nac_manager:4.8\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0884046A-1A4C-41FD-9898-D0906401AD1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nac_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4FBD568-9A85-48B0-8E34-6AE13E71F6BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Cisco Network Admisi\u00f3n Control (NAC) Manager v4.8.x permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de tr\u00e1fico manipulado para el puerto TCP 443, tambi\u00e9n conocido como Bug ID CSCtq10755."
}
],
"id": "CVE-2011-3305",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-06T10:55:05.723",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/76080"
},
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/46309"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/49954"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1026142"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/76080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}