Guest

Cisco NAC Appliance (Clean Access)

Field Notice: FN - 63108 - Cisco Clean Access (NAC Appliance) Software Deferral Advisory Notice For Versions Prior to 3.5.11

Cisco - Field Notice: FN - 63108 - Cisco Clean Access (NAC Appliance) Software Deferral Advisory Notice for Versions prior to 3.5.11.

April 28, 2008


NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Date Comment
1.0
28-APR-2008
Initial Public Release

Products Affected

Products Affected
CCA MGR - 3.5
CCA SVR - 3.5
 

Problem Description

Cisco Clean Access Software version 3.5.11 and earlier are being deferred due to a severity 1 defect.

A vulnerability exists in the Cisco Network Admission Control (NAC) Appliance that can allow an attacker to obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).

For complete details describing the problem, the affected and unaffected Software versions, refer to the Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability document.

Background

Cisco NAC Legacy Software (Cisco Clean Access) versions 3.5.11 and earlier are subject to defect CSCsj33976 as described in:

Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability

Problem Symptoms

For a complete description of the problem symptoms, please refer to the Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability document.

Workaround/Solution

Disclaimer: In order to increase network availability, Cisco recommends that you upgrade affected NAC Appliance software with the suggested replacement software. Cisco has discontinued manufacturing shipment of the affected NAC Appliance software. Any pending or future order for the affected software will be substituted with the replacement software. PLEASE BE AWARE THAT FAILURE TO UPGRADE THE AFFECTED NAC APPLIANCE SOFTWARE MAY RESULT IN A SECURITY BREACH. The terms and conditions that governed your rights and obligations and those of Cisco, with respect to the deferred software will apply to the replacement software.

Deferral Advisory Notice

Dear Cisco Customer,
Cisco engineering has identified at least one serious issue with the software you have selected. The issue(s) may affect your use of this software. Please review the Deferral notice above to determine if the issue(s) apply to your network. The affected software versions will be removed from CCO. For more comprehensive information about what is included NAC Appliance Software Release Notes. For more information about Cisco Advisories and a complete list of affected and fixed code versions please review the following document: Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered customer and you must be logged in.

DDTS Description
CSCsj33976 (registered customers only) CAM should not show shared secret of CCA setup when adding CAS to CAM

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.