WatchGuard Wire
Improve Your Security IQ
Pwn a Cisco NAC appliance with simple packet sniffing
17 April 2008 -- Yesterday, Cisco released a security advisory describing a serious security vulnerability in their NAC appliance. The Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM) -- components of the Cisco NAC appliance -- transmit error logs to one another over your network. Unfortunately, they also clearly transmit their shared secret within these error logs. By packet sniffing your network traffic, an attacker could learn your CAS shared secret, and leverage it to gain complete control of your CAS. This would essentially give the attacker control of your Cisco NAC appliance. Cisco has assigned this flaw a CVSS Base Score of 10, which is the most severe Base Score rating.
Despite this vulnerability's severity, there is one mitigating factor which significantly lessens its risk in the real world: In most networks, data transmitted from the CAS to the CAM only passes over a Local Area Network (LAN). This means an attacker needs local access to your internal network in order to sniff the traffic necessary to learn your CAS shared secret and carry out this attack. So you can consider this primarily an insider threat.
That said, if you use Cisco's NAC appliance, you should apply the fix for this vulnerability immediately. After all, you don't want some disgruntled insider rendering your NAC security worthless. Check the "Obtaining Fixed Software" section of Cisco's advisory to learn where to get Cisco's update. -- Corey Nachreiner, CISSP
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.