Cisco » Network Access Control : Security Vulnerabilities, CVEs, CVSS score >= 4
Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols.
Max CVSS
7.5
EPSS Score
0.41%
Published
2006-09-26
Updated
2018-10-17
Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
Max CVSS
4.6
EPSS Score
0.05%
Published
2006-09-26
Updated
2018-10-17
2 vulnerabilities found