certfr_avis - certa-2011-avi-573

CERTA-2011-AVI-573

Vulnerability from certfr_avis

Une vulnérabilité dans Cisco Network Admission Control Manager permet à une personne malintentionnée de porter atteinte à la confidentialité de certaines données.

Description

Une vulnérabilité permettant le parcours de certaines arborescences de répertoires a été découverte dans Cisco Network Admission Control Manager. Cette vulnérabilité permet à une personne malintentionnée de porter atteinte à la confidentialité de certaines données dont des fichiers contenant des mots de passe ou des journaux du système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Network Admission Control Manager versions 4.8.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CVE-2011-3305 (GCVE-0-2011-3305)

Vulnerability from cvelistv5

Published

2011-10-06 10:00

Modified

2024-08-06 23:29

Severity ?

CWE

Summary

Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.

References

URL

Tags

	http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id?1026142	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/46309	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/49954	vdb-entry, x_refsource_BID
	http://osvdb.org/76080	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/70335	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml"
          },
          {
            "name": "1026142",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026142"
          },
          {
            "name": "46309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46309"
          },
          {
            "name": "49954",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49954"
          },
          {
            "name": "76080",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/76080"
          },
          {
            "name": "cisco-nac-directory-traversal(70335)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml"
        },
        {
          "name": "1026142",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026142"
        },
        {
          "name": "46309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46309"
        },
        {
          "name": "49954",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49954"
        },
        {
          "name": "76080",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/76080"
        },
        {
          "name": "cisco-nac-directory-traversal(70335)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-3305",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml"
            },
            {
              "name": "1026142",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026142"
            },
            {
              "name": "46309",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46309"
            },
            {
              "name": "49954",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49954"
            },
            {
              "name": "76080",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/76080"
            },
            {
              "name": "cisco-nac-directory-traversal(70335)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-3305",
    "datePublished": "2011-10-06T10:00:00",
    "dateReserved": "2011-08-29T00:00:00",
    "dateUpdated": "2024-08-06T23:29:56.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted