[Original text] Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
Clean Access Manager contains a flaw that may allow a remote denial of service. The issue is caused by the uploadclient.jsp script failing to require a username and password in order to upload files, and will result in loss of availability for the platform if an attacker chooses to fill the partition with files.
Upgrade to version 3.6(1) or higher, as it has been reported to fix this vulnerability. In addition, Cisco has released a patch for some older versions.
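To check whether a manager that has not yet been upgraded received direct requests to the three obsolete JSP files, its web access log can be scanned per source address. The sketch below is an added example, not code from Cisco or from this entry. It assumes the server writes the common access log format and matches each JSP name at the end of the normalized path, since the entry gives no full URLs. The sample lines are constructed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# The three obsolete JSP files named in the advisory text.
OBSOLETE_JSPS = ("admin/uploadclient.jsp", "apply_firmware_action.jsp", "file.jsp")

# Assumed log layout: Apache/Tomcat "common" access log format.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')

def normalize(target):
    """Decode %xx, drop ;path-parameters, collapse dot segments, lower-case."""
    path = unquote(urlsplit(target).path)
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    return posixpath.normpath(path).lower()

def scan(lines):
    """Return {source_ip: {"requests": n, "uploads": n, "paths": set}}."""
    hits = defaultdict(lambda: {"requests": 0, "uploads": 0, "paths": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        name = next((j for j in OBSOLETE_JSPS if path.endswith("/" + j)), None)
        if name is None:
            continue
        rec = hits[m["ip"]]
        rec["requests"] += 1
        rec["paths"].add(name)
        # Accepted POSTs to the upload page are what can fill the partition.
        if name == OBSOLETE_JSPS[0] and m["method"] == "POST" and m["status"][0] == "2":
            rec["uploads"] += 1
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not from a real system.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "POST /admin/uploadclient.jsp HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2006:10:00:01 +0000] "POST /admin/%75ploadclient.jsp;x=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2006:10:00:02 +0000] "GET /admin/./file.jsp?name=a HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2006:10:05:00 +0000] "GET /admin/profile.jsp HTTP/1.1" 200 300',
    '198.51.100.7 - - [01/Jan/2006:10:05:02 +0000] "GET /apply_firmware_action.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A high `uploads` count from one source is the pattern the denial-of-service description above implies; after upgrading, any 2xx response on these paths is worth investigating.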