The Cisco Network Admission Control Appliance (NAC) contains a vulnerability that allows the shared secret used by the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM) to be captured. This can then be leveraged to gain control over the CAS.
The following versions of NAC are known to be vulnerable:
All 3.5.x versions
All 3.6.x versions prior to 18.104.22.168
All 4.0.x versions prior to 4.0.6
All 4.1.x versions prior to 4.1.2
For full details see Cisco’s original advisory at: http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml