Reference: CERT-EU Security Advisory 2013-0036

Title: Cisco Network Admission Control Manager SQL Injection Vulnerability [1]

Version history:
19.04.2013 Initial publication

Summary
=======

Cisco Network Admission Control (NAC) Manager contains a vulnerability that
could allow an unauthenticated remote attacker to execute arbitrary code and
take full control of the vulnerable system.

Successful exploitation of the vulnerability could allow the attacker to
execute arbitrary queries on the Cisco NAC Manager and take full control of
the affected system.

A successful attack could allow an unauthenticated attacker to access, create
or modify information such as usernames and password hashes in the NAC Manager
database. A successful attack also has the potential to create, modify, or
delete arbitrary and system files and to copy sensitive information from the
vulnerable device.

CSCub23095 - Cisco NAC Manager SQL Injection Vulnerability
CVSS Base Score - 10.0
CVSS Temporal Score - 8.3

Affected Products and Versions:
===============================

Cisco NAC Manager versions prior to the following are affected by this
vulnerability:

4.9.2
4.8.3.1

What can you do?
================

Deploy the updated versions of the software [1].

No workarounds are available to mitigate these vulnerabilities.

What to tell your users?
========================

N/A

More information
================

[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac
[2] http://www.first.org/cvss/cvss-guide.html

Best regards,

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383