Lucene search

MitreCVE-2006-4983

HistorySep 26, 2006 - 2:07 a.m.

CVE-2006-4983

2006-09-2602:07:00

mitre

web.nvd.nist.gov

cisco

nac

vulnerability

bypass

dns

dhcp

eapoudp

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

73.9%

JSON

Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols.

Affected configurations

Nvd

Node

cisconetwork_access_control

VendorProductVersionCPE
cisconetwork_access_control*cpe:2.3:o:cisco:network_access_control:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	network_access_control	*	cpe:2.3:o:cisco:network_access_control::::::::

References

www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf

www.osvdb.org/30977

www.securityfocus.com/archive/1/446421/100/0/threaded

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

73.9%

JSON

Related for CVE-2006-4983