Cisco issued an urgent security advisory on Wednesday warning users about a critical vulnerability that exists in the company's NAC appliance. The vulnerability allows an attacker to obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM). An attacker can obtain the shared secret from error logs that are transmitted over the network. Obtaining this information could enable an attacker to gain complete control of the CAS remotely. Cisco has forgone its biannual patching cycle to release this patch, The vulnerability rating is listed as a 10 on the CVSS scale. The patch is available here.
More from Cisco Subnet:
What not to love about Cisco routers as Linux app servers
Cisco partners must grow Cisco reseller business by $20B
Cisco drops plans to beta CCDE practical exam
Cisco's skill shortage math doesn't add up
3Com and Cisco dumb and dumber?
Nexus: Hands on with NX-OS
CCNP lab essentials
Jeff Doyle: Understanding MPLSGo to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.
20 useful sites for Cisco networking professionals
This month's Cisco Subnet giveaways
Network World's IT Buyer's Guide: Cisco products
Subscribe to Network World's Cisco Alert, which includes a weekly digest of all Cisco Subnet items
The Cisco Subnet blog is the official blog of the Network World Cisco Subnet community, managed by Editor Linda Leung. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
(WAN community)
|
|
