<<< Date Index >>>     <<< Thread Index >>>

Cisco Clean Access Agent (Perfigo) bypass



Description: 
Cisco Clean Access is an easily deployed software solution that can 
automatically detect, isolate, and clean infected or vulnerable devices that 
attempt to access your network. It identifies whether networked devices such as 
laptops, personal digital assistants, even game consoles are compliant with 
your network's security policies and repairs any vulnerabilities before 
permitting access to the network. 

Vendor site:
http://www.cisco.com/en/US/products/ps6128/

Affected versions: 
This works in at least 3.5.3.1 and 3.5.4.

Discovery Date: 
2005-08-12

Report Date: 
2005-08-19

Severity:
Medium

Vulnerability: 
End users can bypass the "mandatory" installation of the Clean Access Agent by 
changing the User-Agent string of their browser. This allows them to connect to 
the network without the host-based checks being run. If configured, remote 
checks are still run.