Vulnerability Details : CVE-2007-0058
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2007-0058
Probability of exploitation activity in the next 30 days: 1.60%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 %
CVSS scores for CVE-2007-0058
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N | 10.0 | 6.9 | NIST |
CWE ids for CVE-2007-0058
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0058
- http://www.vupen.com/english/advisories/2007/0030 (Third Party Advisory)
- http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml (Vendor Advisory)
- http://securitytracker.com/id?1017465 (Third Party Advisory; VDB Entry)
Products affected by CVE-2007-0058
- Cisco » Network Admission Control Manager And Server System Software
  Versions from, including, (>=) 3.5.0 and up to, including, (<=) 3.5.9
  cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*
- Cisco » Network Admission Control Manager And Server System Software
  Versions from, including, (>=) 3.6.0.0 and up to, including, (<=) 3.6.1.1
  cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*