CVE-2011-3305

Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml	Vendor Advisory
http://www.securitytracker.com/id?1026142
http://secunia.com/advisories/46309
http://osvdb.org/76080
http://www.securityfocus.com/bid/49954
https://exchange.xforce.ibmcloud.com/vulnerabilities/70335

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:nac_manager:4.8\(2\):::::::*
	cpe:2.3:a:cisco:nac_manager:4.8:::::::*
	cpe:2.3:a:cisco:nac_manager:4.8\(1\):::::::*

cpe:2.3:h:cisco:nac_appliance:*:*:*:*:*:*:*:*

Information

Published : 2011-10-06 03:55

Updated : 2017-08-28 18:30

NVD link : CVE-2011-3305

Mitre link : CVE-2011-3305

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

Products Affected

cisco

nac_manager
nac_appliance

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml", "name": "20111005 Directory Traversal Vulnerability in Cisco Network Admission Control Manager", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id?1026142", "name": "1026142", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/46309", "name": "46309", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/76080", "name": "76080", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/49954", "name": "49954", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70335", "name": "cisco-nac-directory-traversal(70335)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-3305", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-10-06T10:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:nac_manager:4.8\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_manager:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:nac_manager:4.8\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:nac_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:30Z"}