Title: Cisco Clean Access Multiple JSP Pages Access Validation Vulnerability
Severity: HIGH
Description:
Cisco Clean Access (CCA) is a software solution that scans devices attempting to connect to a network. The software can check for installed patches and malicious-code infections, and quarantine devices as necessary until the issues have been addressed.
Cisco Clean Access is prone to a vulnerability that could allow unauthorized users to access various web-server JSP pages.
Specifically, '/admin/uploadclient.jsp' allows remote, unauthenticated users to upload arbitrary content to the web-visible '/installer/windows' directory. The 'apply_firmware_action.jsp' and 'file.jsp' pages are likewise reachable by unauthenticated users.
This could allow an attacker to upload unauthorized data, cause denial-of-service conditions, and possibly take unauthorized actions by accessing JSP pages that should be restricted.
Cisco Clean Access version 3.5.5 is reported vulnerable; prior versions may also be affected.
Cisco has stated that this issue is being tracked by bug ID CSCsc85405.
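A defender-side check that follows from the description above, added here as an example and not part of the advisory or of any Cisco tooling: it scans web-server access logs for requests to the three named JSP pages from outside an administrator network, for POST requests to uploadclient.jsp, and for files served from '/installer/windows' that are not on a known-good manifest. It assumes Combined Log Format access logs, an administrator network of 10.0.0.0/24 and a placeholder manifest; the log lines are constructed, not captured from an appliance.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Combined Log Format parser. Assumption: the appliance's web access log uses this
# layout; the advisory does not state the actual format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)
# JSP pages the advisory names as reachable without authentication. Matched on file
# name only, because the advisory gives a full path just for uploadclient.jsp.
EXPOSED_JSPS = {"uploadclient.jsp", "apply_firmware_action.jsp", "file.jsp"}
# Web-visible directory that uploadclient.jsp can write into (from the advisory).
UPLOAD_DIR = "/installer/windows/"


def classify(line, known_files, admin_nets):
    """Return alert strings for one access-log line (empty list if nothing is suspicious)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparseable log line"]
    src = ipaddress.ip_address(m["ip"])
    path = urlsplit(m["target"]).path
    name = path.rsplit("/", 1)[-1].lower()
    alerts = []
    if name in EXPOSED_JSPS:
        if not any(src in net for net in admin_nets):
            alerts.append(f"{name} requested from non-admin source {src}")
        if name == "uploadclient.jsp" and m["method"] == "POST":
            alerts.append(f"upload attempt via uploadclient.jsp from {src} (status {m['status']})")
    elif path.startswith(UPLOAD_DIR) and m["status"] == "200" and name not in known_files:
        # A successfully served file that is not on the manifest suggests planted content.
        alerts.append(f"unlisted file {name} served from {UPLOAD_DIR} to {src}")
    return alerts


def scan(lines, known_files, admin_nets):
    """Run classify() over many lines; returns {line_number: alerts} for lines that fired."""
    hits = {}
    for n, line in enumerate(lines, 1):
        alerts = classify(line, known_files, admin_nets)
        if alerts:
            hits[n] = alerts
    return hits


# Constructed sample data (assumed admin network, placeholder manifest, made-up log lines).
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/24")]
KNOWN_FILES = {"agent_setup_placeholder.exe"}
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jan/2006:09:12:01 +0000] "GET /admin/file.jsp HTTP/1.1" 200 512',
    '192.0.2.44 - - [10/Jan/2006:09:13:10 +0000] "GET /admin/apply_firmware_action.jsp HTTP/1.1" 200 2048',
    '192.0.2.44 - - [10/Jan/2006:09:13:42 +0000] "POST /admin/uploadclient.jsp HTTP/1.1" 200 311',
    '198.51.100.7 - - [10/Jan/2006:09:20:05 +0000] "GET /installer/windows/update.exe HTTP/1.1" 200 90112',
    '10.0.0.5 - - [10/Jan/2006:09:21:00 +0000] "GET /installer/windows/agent_setup_placeholder.exe HTTP/1.1" 200 90112',
]

if __name__ == "__main__":
    for n, alerts in scan(SAMPLE_LOG, KNOWN_FILES, ADMIN_NETS).items():
        print(n, alerts)
```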
Affected Products:
- Cisco Clean Access (CCA) 3.3.0
- Cisco Clean Access (CCA) 3.3.1
- Cisco Clean Access (CCA) 3.3.2
- Cisco Clean Access (CCA) 3.3.3
- Cisco Clean Access (CCA) 3.3.4
- Cisco Clean Access (CCA) 3.3.5
- Cisco Clean Access (CCA) 3.3.6
- Cisco Clean Access (CCA) 3.3.7
- Cisco Clean Access (CCA) 3.3.8
- Cisco Clean Access (CCA) 3.3.9
- Cisco Clean Access (CCA) 3.4.0
- Cisco Clean Access (CCA) 3.4.1
- Cisco Clean Access (CCA) 3.4.2
- Cisco Clean Access (CCA) 3.4.3
- Cisco Clean Access (CCA) 3.4.4
- Cisco Clean Access (CCA) 3.4.5
- Cisco Clean Access (CCA) 3.5.0
- Cisco Clean Access (CCA) 3.5.1
- Cisco Clean Access (CCA) 3.5.2
- Cisco Clean Access (CCA) 3.5.3
- Cisco Clean Access (CCA) 3.5.4
- Cisco Clean Access (CCA) 3.5.5