Cisco patches Clean Access flaws

Vulnerabilities could allow unauthorised administrator access.

Vulnerabilities could allow unauthorised administrator access.

Cisco Systems has acknowledged a pair of vulnerabilities in its Clean Access networking software that could allow for unauthorised access and viewing of database files. 

Users can remove the vulnerabilities by upgrading their software or by installing a patch, said the company.

Clean Access is a pair of software applications that allows servers to scan any systems that attempt to access a network for required patches and software.

The vulnerabilities effect Shared Secret, a log-on authentication component, and Readable Snapshots, a system for manually backing up databases.

An attacker exploiting the Shared Secret vulnerability could take administrative control over the Clean Access System and have the ability to change settings and preferences, said Cisco.

The Readable Snapshots component could be vulnerable to a 'brute force' attack, according to Cisco.

An attacker who guesses or otherwise finds out the name of the Readable Snapshot file could download and view it without any further authentication.

Security firm Secunia lists both vulnerabilities as 'moderately critical', which ranks third on the company's five-alert scale. 

Users can remove both of the vulnerabilities by upgrading their Clean Access software, said Cisco. Versions 3.4.6.2, 4.0.4, 4.1.0 and later all contain a fix for the vulnerability.

The company has also made a patch available for users who do not want to upgrade.

Copyright ©v3.co.uk