CVE-2011-3305

2011-10-0610:55:05

CWE-22

cisco

web.nvd.nist.gov

cisco

nac

manager

vulnerability

cve-2011-3305

directory traversal

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.015

Percentile

87.0%

JSON

Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.

Affected configurations

Nvd

Node

cisconac_managerMatch4.8

cisconac_managerMatch4.8\(1\)

cisconac_managerMatch4.8\(2\)

AND

cisconac_appliance

VendorProductVersionCPE
cisconac_manager4.8cpe:2.3:a:cisco:nac_manager:4.8:*:*:*:*:*:*:*
cisconac_manager4.8(1)cpe:2.3:a:cisco:nac_manager:4.8\(1\):*:*:*:*:*:*:*
cisconac_manager4.8(2)cpe:2.3:a:cisco:nac_manager:4.8\(2\):*:*:*:*:*:*:*
cisconac_appliance*cpe:2.3:h:cisco:nac_appliance:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nac_manager	4.8	cpe:2.3:a:cisco:nac_manager:4.8:::::::*
cisco	nac_manager	4.8(1)	cpe:2.3:a:cisco:nac_manager:4.8\(1\):::::::*
cisco	nac_manager	4.8(2)	cpe:2.3:a:cisco:nac_manager:4.8\(2\):::::::*
cisco	nac_appliance	*	cpe:2.3:h:cisco:nac_appliance::::::::