CVE-2007-1064

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/33049
http://secunia.com/advisories/24258
http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/22648
http://www.securitytracker.com/id?1017683
http://www.securitytracker.com/id?1017684
http://www.vupen.com/english/advisories/2007/0690
https://exchange.xforce.ibmcloud.com/vulnerabilities/32621

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_services_client:4.0:::::::*
	cpe:2.3:a:cisco:secure_services_client:4.0.5:::::::*
	cpe:2.3:a:cisco:secure_services_client:4.0.51:::::::*
	cpe:2.3:a:cisco:security_agent:5.0:::::::*
	cpe:2.3:a:cisco:security_agent:5.1:::::::*
	cpe:2.3:a:cisco:trust_agent:1.0:::::::*
	cpe:2.3:a:cisco:trust_agent:2.0:::::::*
	cpe:2.3:a:cisco:trust_agent:2.0.1:::::::*
	cpe:2.3:a:cisco:trust_agent:2.1:::::::*
	cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:::::::*

History

No history.

Information

Published : 2007-02-22 01:28

Updated : 2023-12-10 10:40

NVD link : CVE-2007-1064

Mitre link : CVE-2007-1064

CVE.ORG link : CVE-2007-1064

JSON object : View

Products Affected

cisco

trust_agent
security_agent
secure_services_client

meetinghouse

aegis_secureconnect_client

CWE

NVD-CWE-Other

{"id": "CVE-2007-1064", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-02-22T01:28:00.000", "references": [{"url": "http://osvdb.org/33049", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24258", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22648", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017683", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017684", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0690", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."}, {"lang": "es", "value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un Trust Agent vulnerable) y el Meetinghouse AEGIS SecureConnect Client, no pierde los privilegios cuando es invocado el servicio de ayuda en la GUI del requirente, lo que permite a usuarios locales alcanzar privilegios, tambi\u00e9n se conoce como CSCsf14120."}], "lastModified": "2017-07-29T01:30:36.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB"}, {"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD"}, {"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6"}, {"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B"}, {"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528"}, {"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841"}, {"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF"}, {"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A"}, {"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4"}, {"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}