Описание
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
Ссылки
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Broken Link
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.5.0 (включая) до 3.5.9 (включая)Версия от 3.6.0.0 (включая) до 3.6.1.1 (включая)
Одно из
cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01623
Низкий
7.8 High
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
EPSS
Процентиль: 81%
0.01623
Низкий
7.8 High
CVSS2
Дефекты
CWE-200