Vulnerabilities > CVE-2007-1067 - Multiple vulnerability in Cisco 802.1X Authentication Deployment Products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

cisco

meetinghouse

NVD

Published: 2007-02-22

Updated: 2017-07-29

Summary

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Secure Services Client 4.X Cisco Security Agent 5.0 Cisco Security Agent 5.1 Cisco Trust Agent 1	4
Application	Meetinghouse Meetinghouse Aegis Secureconnect Client Windows_Platform	1

References

http://osvdb.org/33045
http://secunia.com/advisories/24258
http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml
http://www.securityfocus.com/bid/22648
http://www.securitytracker.com/id?1017683
http://www.securitytracker.com/id?1017684
http://www.vupen.com/english/advisories/2007/0690
https://exchange.xforce.ibmcloud.com/vulnerabilities/32624