Cisco Clean Access not, uh, clean
Courtesy of http://www.geercom.com
Geer Communications. David Geer - your on-time technology writer!
Cisco Clean Access cleans infected external devices before they are allowed to connect to your network. However, Clean Access has two vulnerabilities that make it possible for attackers to get past it.
The first vulnerability is the shared secret (used to authenticate) between the Cisco Clean Access Manager (CAM) and the Cisco Clean Access Server (CAS). What's no secret is that the shared secret cannot be changed.
Because the shared secret is configured during the initial CAM and CAS setup with a default secret that every installation of the product uses, and because there is no mechanism to drop the default and assign a new shared secret, an attacker can exploit this vulnerability simply by establishing a TCP connection to the CAS. All the attacker has to know is the shared secret, which will likely be widely published to script kiddies now due to this cobbled configuration.
The second vulnerability is readable database snapshots on the CAM, which can be accessed through brute-force download attacks. An attacker can guess the file name, and once a snapshot is guessed and downloaded, with no authentication required, it can be freely read: there is no encryption or protection of any kind on the file.
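As an added illustration (not from the original post and not Cisco's code), the following Python snippet shows how a defender could spot the second issue in web server access logs: one client requesting many distinct file names under the snapshot location and getting mostly 404 responses, which is what file-name guessing looks like from the server side. The common log format, the `/snapshots/` path prefix and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (assumed common log format; not real CAM logs).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2007:10:00:01 +0000] "GET /snapshots/backup-20061201.tar.gz HTTP/1.1" 404 162
10.0.0.5 - - [01/Jan/2007:10:00:02 +0000] "GET /snapshots/backup-20061202.tar.gz HTTP/1.1" 404 162
10.0.0.5 - - [01/Jan/2007:10:00:03 +0000] "GET /snapshots/backup-20061203.tar.gz HTTP/1.1" 404 162
10.0.0.5 - - [01/Jan/2007:10:00:04 +0000] "GET /snapshots/backup-20061204.tar.gz HTTP/1.1" 404 162
10.0.0.5 - - [01/Jan/2007:10:00:05 +0000] "GET /snapshots/backup-20061205.tar.gz HTTP/1.1" 200 8123456
10.0.0.9 - - [01/Jan/2007:10:05:00 +0000] "GET /admin/login.jsp HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2007:10:05:10 +0000] "GET /snapshots/backup-20061205.tar.gz HTTP/1.1" 200 8123456
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')
SNAPSHOT_PREFIX = "/snapshots/"  # assumed location of the snapshot files


def parse_line(line):
    """Return (client_ip, request_path, status_code) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path"), int(m.group("status"))


def find_snapshot_guessing(log_text, min_distinct=4, min_miss_ratio=0.5):
    """Return {ip: (distinct_names, misses, hits)} for clients that request many
    distinct names under the snapshot path with a high share of 404s. A single
    successful download (e.g. a legitimate admin) is not flagged by itself."""
    per_ip = defaultdict(lambda: {"names": set(), "miss": 0, "hit": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, status = parsed
        if not path.startswith(SNAPSHOT_PREFIX):
            continue
        rec = per_ip[ip]
        rec["names"].add(path)
        if status == 404:
            rec["miss"] += 1
        elif status == 200:
            rec["hit"] += 1
    suspects = {}
    for ip, rec in per_ip.items():
        total = rec["miss"] + rec["hit"]
        if len(rec["names"]) >= min_distinct and total and rec["miss"] / total >= min_miss_ratio:
            suspects[ip] = (len(rec["names"]), rec["miss"], rec["hit"])
    return suspects


if __name__ == "__main__":
    for ip, (names, miss, hit) in find_snapshot_guessing(SAMPLE_LOG).items():
        print(f"{ip}: {names} distinct snapshot names, {miss} misses, {hit} downloads")
```

Running it flags only 10.0.0.5; the point of the 200 after four 404s is that a hit following a run of misses is the signature worth alerting on, and any such download should be treated as a disclosure of the snapshot contents.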
Best Regards,
David Geer - your on-time technology writer!
Geer Communications