PROBLEM:
Cisco Network Admission Control Manager Directory Traversal Flaw Lets Remote Users Obtain Potentially Sensitive Information
PLATFORM:
Cisco NAC Manager software versions 4.8.X
Cisco NAC Manager software versions 4.7.X and earlier are not affected
ABSTRACT:
An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.
REFERENCE LINKS:
Cisco Security Advisory Document ID: 113189
SecurityTracker Alert ID: 1026142
CVE-2011-3305
IMPACT ASSESSMENT:
High
Discussion:
A vulnerability was reported in Cisco Network Admission Control Manager. A remote user can supply a specially crafted request to view files on the target system, including password files and system logs. The appliance itself is not affected.
Impact:
An unauthenticated attacker could exploit this vulnerability to access sensitive information, including password files and system logs, that could be leveraged to launch subsequent attacks.
Solution:
The vendor has issued a fix: Cisco NAC Appliance 4.9