Cisco Systems has issued an alert to users regarding two critical security vulnerabilities in the Cisco NAC Appliance network control device.
Information from the manufacturer indicates that these vulnerabilities could be exploited by hackers to take control of the affected devices or steal sensitive information such as login passwords…
The Cisco NAC Appliance, also known as Cisco Clean Access (CCA), is designed to authenticate peripheral devices that request to connect to a company’s network, ensuring compliance with security policy requirements.
First Vulnerability
The first security vulnerability is named “Unchangeable Shared Secret”. This issue arises from the Shared Secret data not being properly set or changed during the device installation process. In other words, the Shared Secret data is identical across all devices.
The Shared Secret is the data that allows the Clean Access Manager (CAM) to send authentication confirmations to the Clean Access Server (CAS).
To successfully exploit the “Unchangeable Shared Secret” vulnerability, a hacker must establish a TCP connection to the CAS. If successful, the hacker would gain administrative-level access to any CAS.
Vulnerable CCA versions include versions 3.6.x through 3.6.4.2 and versions 4.0.x through 4.0.3.2.
Users are advised to upgrade to versions 3.6.4.3, 4.0.4, and 4.1.0 or visit the Cisco website to download the patch named Patch-CSCsg24153.tar.gz. Note that only customers who have signed a Cisco Service Agreement can access and download the patches.
Second Vulnerability
The second security vulnerability is named “Readable Snapshots”. With this vulnerability, hackers can utilize brute-force attacks to download the backup database files (also known as snapshots) on the CAM without needing authorization. These backup files are neither encrypted nor protected in any other way.
More seriously, these snapshot files contain information that could help hackers attack the CAS or gain control over the CAM.
Affected versions include CCA versions 3.5.x through 3.5.9 and versions 3.6.x through 3.6.1.1. Users are advised to upgrade to versions 3.5.10 and 3.6.2.
Currently, Cisco has not released a patch update for the snapshot vulnerability. However, the manufacturer recommends that users move snapshot files off the device immediately after backing up data.
Cisco’s security incident response team confirms that, as of now, no exploit code targeting these vulnerabilities has been released on the Internet.
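The two affected ranges overlap in the 3.6.x train, so a single appliance can be exposed to one issue, both, or neither depending on its exact build. The following sketch is an added example (not Cisco's code or tooling) that checks an inventory against the version ranges quoted above; the hostnames and inventory are constructed sample data, and it assumes the quoted upper bounds are inclusive and that missing version components count as zero.

```python
# Added example: version triage against the ranges quoted in the article.
# Hostnames and the inventory below are constructed sample data.

# (release train, last affected version) pairs, taken from the article text.
AFFECTED = {
    "Unchangeable Shared Secret": [((3, 6), (3, 6, 4, 2)), ((4, 0), (4, 0, 3, 2))],
    "Readable Snapshots": [((3, 5), (3, 5, 9)), ((3, 6), (3, 6, 1, 1))],
}


def parse_version(text):
    """Turn '3.6.4.2' into (3, 6, 4, 2); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def pad(version, width=4):
    """Pad with zeros so 3.6.2 compares as 3.6.2.0 (assumption, see lead-in)."""
    return version + (0,) * (width - len(version))


def exposures(version_text):
    """Return the names of the vulnerabilities that apply to this version."""
    version = parse_version(version_text)
    hits = []
    for name, ranges in AFFECTED.items():
        for train, last_affected in ranges:
            # Same major.minor train, and not newer than the last affected build.
            # Integer comparison matters: 3.5.10 is newer than 3.5.9.
            if version[:2] == train and pad(version) <= pad(last_affected):
                hits.append(name)
    return hits


def triage(inventory):
    """Map each host in {host: version} to the list of issues it is exposed to."""
    return {host: exposures(version) for host, version in inventory.items()}


SAMPLE_INVENTORY = {  # constructed
    "cam-hq": "3.6.1.1", "cas-branch": "3.6.2", "cas-lab": "4.0.4", "cam-old": "3.5.9",
}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(hits) if hits else 'not in an affected range'}")
```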
Hoàng Dũng