Cisco warns of vulnerabilities in NAC product

04.01.2007
Networking equipment vendor Cisco Systems Inc. issued an advisory to customers Wednesday about two serious vulnerabilities in its Cisco Clean Access software, a network access control product.

The two issues could allow remote attackers to gain control of the devices, or glean sensitive data from Clean Access customers that could be used to compromise the Clean Access Manager (CAM) product, the company said.

Cisco Clean Access (also known as the Cisco NAC Appliance) is a network access control hardware device that allows companies to screen the machines of users who are attempting to connect to a network over wired, wireless, or remote VPN connections. Clean Access compares systems to established security policies and flags known violations, such as software vulnerabilities or inadequate operating system or antivirus software patch levels, before network access is granted. Machines that aren't compliant can be denied access or quarantined.

According to Cisco Security Advisory 72379, a problem with initial setup of the Cisco Clean Access Manager (CAM) and Clean Access Server (CAS) products makes it impossible to properly configure a "shared secret" that is used to authenticate communications between the two devices. The result is that the shared secret cannot be properly set or changed and is identical on all CAM and CAS devices, Cisco said.

Remote hackers could take advantage of the vulnerability by establishing a TCP connection to the CAS device, Cisco said.

A second vulnerability in the Clean Access Manager allows malicious users to view backups of the CAM database without first authenticating on the CAM device. A flaw in the way database backups are stored makes it possible to guess the backup file name and download it without authenticating, Cisco said.