Cisco software vulnerable to attack

Cisco Systems Inc. is warning customers of a flaw in its Cisco Clean Access (CCA) and Clean Access Manager (CAM) software that could be exploited by an attacker to download and view database snapshots without authentication.

The software works together to detect, isolate and clean infected or vulnerable devices that attempt to access the company network.

Cisco's Product Security Incident Response Team (PSIRT) said on Wednesday that the Clean Access Manager has an unchangeable shared secret flaw. Due to this vulnerability the shared secret can not be properly set or changed, making it the same across all affected devices. In order to exploit this vulnerability, an attacker must be able to establish a TCP connection to the Clean Access Server, Cisco said in its advisory .

In addition, manual backups of the database taken by the CAM are susceptible to brute force download attacks, Cisco said. A malicious user can guess a file name and download it without authentication. The file itself is not encrypted or otherwise protected, Cisco said.

CCA releases 3.6.x - 3.6.4.2; 4.0.x - 4.0.3.2 and 3.5.x are affected, as is CAM versions 3.5.9 and 3.6.x - 3.6.1.1.

There are no workarounds for the flaws, PSIRT said.

The following software releases contain the fix for the shared secret flaw: 3.6.4.3, 4.0.4 and 4.1.0. The readable snapshot flaw is addressed in versions 3.5.10 and 3.6.2. All subsequent releases will contain the fix.