CVE-2006-4983

Published Sep 26, 2006

Last updated 6 years ago

Overview

Description: Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:network_access_control:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA567228-118D-4A98-BFCC-D86F12F39D69"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References