| |
Vulnerability CVE-2006-4983
Published: 2006-09-25 Modified: 2012-02-12
| Description: |
Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols. |
Type:
CWE-Other
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.5/10 |
6.4/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf
http://www.securityfocus.com/archive/1/446421/100/0/threaded
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
