April 28, 2008
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision Date Comment 1.0 28-APR-2008 Initial Public Release
Products Affected CCA MGR - 3.5 CCA SVR - 3.5
Cisco Clean Access Software version 3.5.11 and earlier are being deferred due to a severity 1 defect.
A vulnerability exists in the Cisco Network Admission Control (NAC) Appliance that can allow an attacker to obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).
For complete details describing the problem, the affected and unaffected Software versions, refer to the Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability document.
BackgroundCisco NAC Legacy Software (Cisco Clean Access) versions 3.5.11 and earlier are subject to defect CSCsj33976 as described in:
Problem SymptomsFor a complete description of the problem symptoms, please refer to the Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability document.
Workaround/SolutionDisclaimer: In order to increase network availability, Cisco recommends that you upgrade affected NAC Appliance software with the suggested replacement software. Cisco has discontinued manufacturing shipment of the affected NAC Appliance software. Any pending or future order for the affected software will be substituted with the replacement software. PLEASE BE AWARE THAT FAILURE TO UPGRADE THE AFFECTED NAC APPLIANCE SOFTWARE MAY RESULT IN A SECURITY BREACH. The terms and conditions that governed your rights and obligations and those of Cisco, with respect to the deferred software will apply to the replacement software.
Deferral Advisory Notice
Dear Cisco Customer,
Cisco engineering has identified at least one serious issue with the software you have selected. The issue(s) may affect your use of this software. Please review the Deferral notice above to determine if the issue(s) apply to your network. The affected software versions will be removed from CCO. For more comprehensive information about what is included NAC Appliance Software Release Notes. For more information about Cisco Advisories and a complete list of affected and fixed code versions please review the following document: Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability.
To follow the bug ID link below and see detailed bug information, you must be a registered customer and you must be logged in.
DDTS Description CSCsj33976 (registered customers only) CAM should not show shared secret of CCA setup when adding CAS to CAM
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.