Cisco NAC Can't Keep a Secret
A serious security flaw in the Cisco NAC (Network Admission Control) appliance can allow an attacker to obtain the shared secret that is used between the two internal components, according to a warning from the network and switching vendor.
The vulnerability, which carries a CVSS base score of 10.0 (the highest possible severity rating), could be exploited to allow an attacker to "take complete control" of the Cisco NAC appliance remotely over the network.
From the Cisco advisory:
The Cisco NAC Appliance solution allows network administrators to authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to allowing users onto the network. The solution identifies whether machines are compliant with security policies and repairs vulnerabilities before permitting access to the network.
A vulnerability exists in the Cisco NAC Appliance that can allow an attacker to obtain the shared secret used by the CAS and the CAM from error logs that are transmitted over the network. Obtaining this information could enable an attacker to gain complete control of the CAS remotely over the network.
Despite the high-risk rating, WatchGuard's Corey Nachreiner says there is one mitigating factor that significantly lessens its risk in the real world:
In most networks, data transmitted from the CAS to the CAM only passes over a Local Area Network (LAN). This means an attacker needs local access to your internal network in order to sniff the traffic necessary to learn your CAS shared secret and carry out this attack. So you can consider this primarily an insider threat.
Nevertheless, Cisco's NAC appliance users should apply this patch as a matter of urgency.