Cisco Clean Access Agent (Perfigo) bypass
Description:
Cisco Clean Access is an easily deployed software solution that can
automatically detect, isolate, and clean infected or vulnerable devices that
attempt to access your network. It identifies whether networked devices such as
laptops, personal digital assistants, even game consoles are compliant with
your network's security policies and repairs any vulnerabilities before
permitting access to the network.
Vendor site:
http://www.cisco.com/en/US/products/ps6128/
Affected versions:
This works in at least 3.5.3.1 and 3.5.4.
Discovery Date:
2005-08-12
Report Date:
2005-08-19
Severity:
Medium
Vulnerability:
End users can bypass the "mandatory" installation of the Clean Access Agent by
changing the User-Agent string of their browser. This allows them to connect to
the network without the host-based checks being run. If configured, remote
checks are still run.