Lucene search

PRIOn knowledge basePRION:CVE-2007-1066

HistoryFeb 22, 2007 - 1:28 a.m.

Design/Logic Flaw

2007-02-2201:28:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting “a thread under ConnectionClient.exe,” aka CSCsg20558.

CPENameOperatorVersion
secure_services_clienteq4.0.51
secure_services_clienteq4.0
secure_services_clienteq4.0.5
security_agenteq5.1
security_agenteq5.0
trust_agenteq2.0
trust_agenteq2.0.1
trust_agenteq2.1
trust_agenteq1.0

Name	Operator	Version
secure_services_client	eq	4.0.51
secure_services_client	eq	4.0
secure_services_client	eq	4.0.5
security_agent	eq	5.1
security_agent	eq	5.0
trust_agent	eq	2.0
trust_agent	eq	2.0.1
trust_agent	eq	2.1
trust_agent	eq	1.0

References

osvdb.org/33047

secunia.com/advisories/24258

www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml

www.securityfocus.com/bid/22648

www.securitytracker.com/id?1017683

www.securitytracker.com/id?1017684

www.vupen.com/english/advisories/2007/0690

exchange.xforce.ibmcloud.com/vulnerabilities/32625

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2007-1066