CVE-2011-0963

The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml
http://www.securitytracker.com/id?1025272

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:cisco:nac_guest_server:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:cisco:nac_guest_server_software:1.1.0:::::::*
	cpe:2.3:a:cisco:nac_guest_server_software:1.0.0:::::::*
	cpe:2.3:a:cisco:nac_guest_server_software:1.1.2:::::::*
	cpe:2.3:a:cisco:nac_guest_server_software:1.1.1:::::::*
	cpe:2.3:a:cisco:nac_guest_server_software::::::::
	cpe:2.3:a:cisco:nac_guest_server_software:2.0.1:::::::*
	cpe:2.3:a:cisco:nac_guest_server_software:2.0.0:::::::*
	cpe:2.3:a:cisco:nac_guest_server_software:1.1.3:::::::*

Information

Published : 2011-03-31 15:55

Updated : 2016-12-06 18:59

NVD link : CVE-2011-0963

Mitre link : CVE-2011-0963

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

cisco

nac_guest_server
nac_guest_server_software

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml", "name": "20110330 Cisco Network Admission Control Guest Server System Software Authentication Bypass Vulnerability", "tags": [], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id?1025272", "name": "1025272", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0963", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-03-31T22:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:nac_guest_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:nac_guest_server_software:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_guest_server_software:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_guest_server_software:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_guest_server_software:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_guest_server_software:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0.2"}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_guest_server_software:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_guest_server_software:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_guest_server_software:1.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-07T02:59Z"}