RE: Cisco Clean Access Agent (Perfigo) bypass

From: Dario Ciccarone (dciccaro) (dciccaro_at_cisco.com)
Date: 08/21/05

  • Next message: phuket: "SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1"
    Date: Sun, 21 Aug 2005 09:57:14 -0400
    To: <llhansen-bugtraq@adams.edu>, <bugtraq@securityfocus.com>
    
    
    

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi there,

            This post is to confirm that the Cisco Systems PSIRT is actively
    researching into this issue. We will be providing a more thorough answer
    on Monday, August 22, 2005.

            Attached: a cleartext, PGP signed version of this same email.

            Thanks,
            Dario

    Quidquid latine dictum sit, altum viditur

    Dario Ciccarone
    CCIE #10395
    Product Security Incident Response Team (PSIRT)
    Cisco Systems, Inc.
    dciccaro@cisco.com
     

    > -----Original Message-----
    > From: llhansen-bugtraq@adams.edu [mailto:llhansen-bugtraq@adams.edu]
    > Sent: Friday, August 19, 2005 12:30 PM
    > To: bugtraq@securityfocus.com
    > Subject: Cisco Clean Access Agent (Perfigo) bypass
    >
    > Description:
    > Cisco Clean Access is an easily deployed software solution
    > that can automatically detect, isolate, and clean infected or
    > vulnerable devices that attempt to access your network. It
    > identifies whether networked devices such as laptops,
    > personal digital assistants, even game consoles are compliant
    > with your network's security policies and repairs any
    > vulnerabilities before permitting access to the network.
    >
    > Vendor site:
    > http://www.cisco.com/en/US/products/ps6128/
    >
    > Affected versions:
    > This works in at least 3.5.3.1 and 3.5.4.
    >
    > Discovery Date:
    > 2005-08-12
    >
    > Report Date:
    > 2005-08-19
    >
    > Severity:
    > Medium
    >
    > Vulnerability:
    > End users can bypass the "mandatory" installation of the
    > Clean Access Agent by changing the User-Agent string of their
    > browser. This allows them to connect to the network without
    > the host-based checks being run. If configured, remote checks
    > are still run.
    >
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQwiIOYyVGB+6GuDwEQLARQCgx09VN4cCMHjtWnwcDCFwPI4p1+MAn2aV
    Ubhp/JALjzD4Y5GPHL7AdXE8
    =GgR9
    -----END PGP SIGNATURE-----
     

    
    



  • Next message: phuket: "SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1"