CVE-2005-4332
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 17/12/2005
Last modified: 03/04/2025
Description
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
Impact
Base Score 2.0: 9.40
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.3.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:3.4.4:*:*:*:*:*:*:* | ||
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/18103
- http://securityreason.com/securityalert/265
- http://securitytracker.com/id?1015375=
- http://www.awarenetwork.org/forum/viewtopic.php?p=2236
- http://www.cisco.com/warp/public/707/cisco-response-20051221-CCA.shtml
- http://www.osvdb.org/21956
- http://www.osvdb.org/21957
- http://www.osvdb.org/21958
- http://www.securityfocus.com/archive/1/419645/100/0/threaded
- http://www.securityfocus.com/archive/1/420008/100/0/threaded
- http://www.securityfocus.com/bid/15909
- http://www.vupen.com/english/advisories/2005/3007



