Please see Cisco's response here for possible work-arounds.
Description:
Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed
Network Admission Control (NAC) product that uses the network infrastructure
to enforce security policy compliance on all devices seeking to access
network computing resources. With NAC Appliance, network administrators can
authenticate, authorize, evaluate, and remediate wired, wireless, and remote
users and their machines prior to network access. It identifies whether
networked devices such as laptops, IP phones, or game consoles are compliant
with your network's security policies and repairs any vulnerabilities before
permitting access to the network.
Vendor site:
http://www.cisco.com/en/US/products/ps6128/
Affected versions:
All current (<= 3.6.4.1 at the time of the release)
Discovery Date:
2006-08-15
Report Date:
2006-08-20 (vendor), 2006-08-25 (public)
Severity:
Medium
Remote:
Yes
Related previous reports:
http://www.securityfocus.com/archive/1/408603/30/0/threaded
Discovered by:
Andreas Gal (http://www.andreasgal.com/)
Joachim Feise (http://www.feise.com/)
Vulnerability:
Previous versions of the software allowed users to bypass the "mandatory"
installation of the Clean Access Agent by changing the browser user-agent
string. With version 3.6.0, Cisco added additional detection mechanisms
such as TCP fingerprinting and JavaScript OS detection.
By changing the default parameters of the Windows TCP/IP stack and
using a custom HTTPS client (instead of a browser), the user can still
connect to the network without running any host-based checks.
Authentication and remote checks are not affected.
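The design weakness described above, as an added Python illustration that is not Cisco's code and not part of the original advisory: a simplified admission model in which the host-check requirement depends on OS hints the client controls, next to a fail-closed variant. The function names, field names, the "any hint says Windows" rule and the rule that non-Windows clients skip host checks are assumptions made for the sketch.

```python
# Simplified model of an admission decision (constructed; not Cisco's logic).
from dataclasses import dataclass

@dataclass
class Client:
    # The three OS hints come from traffic the client itself produces.
    user_agent_os: str       # parsed from the HTTP User-Agent header
    tcp_fingerprint_os: str  # guessed from TCP/IP stack parameters
    js_reported_os: str      # from in-page JavaScript; "" if none ran
    authenticated: bool
    remote_scan_ok: bool     # network-side check, independent of the host
    agent_report_ok: bool    # host-based checks, reported by the agent

def inferred_os(c: Client) -> str:
    """Assumed rule: treat the client as Windows if any hint says so."""
    hints = (c.user_agent_os, c.tcp_fingerprint_os, c.js_reported_os)
    return "windows" if "windows" in hints else "other"

def admit_os_gated(c: Client) -> bool:
    """Flawed: host checks are demanded only when the client looks like Windows."""
    if not (c.authenticated and c.remote_scan_ok):
        return False
    if inferred_os(c) == "windows":
        return c.agent_report_ok
    return True  # assumed: no agent exists for other platforms, so skip

def admit_fail_closed(c: Client, agentless_exception: bool = False) -> bool:
    """Hardened: without a passing host-check report, admit only devices an
    administrator has explicitly excepted, whatever OS they appear to run."""
    if not (c.authenticated and c.remote_scan_ok):
        return False
    return c.agent_report_ok or agentless_exception

# Constructed sample clients.
COMPLIANT = Client("windows", "windows", "windows", True, True, True)
NO_AGENT = Client("windows", "windows", "windows", True, True, False)
# A host with no agent whose three hints all read as non-Windows.
MASKED = Client("other", "other", "", True, True, False)

if __name__ == "__main__":
    for name, c in (("compliant", COMPLIANT), ("no agent", NO_AGENT), ("masked", MASKED)):
        print(f"{name:10} os_gated={admit_os_gated(c)} fail_closed={admit_fail_closed(c)}")
```

In the OS-gated model the masked client is admitted without host checks while still having to pass authentication and the remote scan, which matches the advisory's statement that those two are not affected.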
Proof-of-concept implementation:
http://kevin.sf.net/howto.html
http://kevin.sf.net/download/kevin.exe
http://kevin.sf.net/download/kevin.conf
http://kevin.cvs.sourceforge.net/kevin/
Acknowledgements:
The registry settings to masquerade the Windows TCP/IP stack were
derived from sec_cloak written by Craig Heffner.