CVE-2007-1065 - OpenCVE

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Trust Agent Secure Services Client Security Agent
Meetinghouse	Aegis Secureconnect Client

Configuration 1 [-]

OR	cpe:2.3:a:cisco:secure_services_client:4.0:::::::*
	cpe:2.3:a:cisco:secure_services_client:4.0.5:::::::*
	cpe:2.3:a:cisco:secure_services_client:4.0.51:::::::*
	cpe:2.3:a:cisco:security_agent:5.0:::::::*
	cpe:2.3:a:cisco:security_agent:5.1:::::::*
	cpe:2.3:a:cisco:trust_agent:1.0:::::::*
	cpe:2.3:a:cisco:trust_agent:2.0:::::::*
	cpe:2.3:a:cisco:trust_agent:2.0.1:::::::*
	cpe:2.3:a:cisco:trust_agent:2.1:::::::*
	cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:::::::*

References

Link	Resource
http://osvdb.org/33048
http://secunia.com/advisories/24258
http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/22648
http://www.securitytracker.com/id?1017683
http://www.securitytracker.com/id?1017684
http://www.vupen.com/english/advisories/2007/0690
https://exchange.xforce.ibmcloud.com/vulnerabilities/32622

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-22T01:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-02-21T00:00:00

Link: CVE-2007-1065

JSON object: View

NVD Information

Status : Modified

Published: 2007-02-22T01:28:00.000

Modified: 2017-07-29T01:30:36.360

Link: CVE-2007-1065

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24258", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24258"}, {"name": "cisco-cssc-privilege-escalation(32622)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"}, {"name": "ADV-2007-0690", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0690"}, {"name": "33048", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33048"}, {"name": "22648", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22648"}, {"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"}, {"name": "1017683", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017683"}, {"name": "1017684", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017684"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1065", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24258", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24258"}, {"name": "cisco-cssc-privilege-escalation(32622)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"}, {"name": "ADV-2007-0690", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0690"}, {"name": "33048", "refsource": "OSVDB", "url": "http://osvdb.org/33048"}, {"name": "22648", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22648"}, {"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"}, {"name": "1017683", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017683"}, {"name": "1017684", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017684"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1065", "datePublished": "2007-02-22T01:00:00", "dateReserved": "2007-02-21T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*", "matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."}, {"lang": "es", "value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un agente de confianza vulnerable), y el Meetinghouse AEGIS SecureConnect Client, permiten a usuarios locales alcanzar privilegios SYSTEM por medio de vectores no especificados en el requiriente, tambi\u00e9n se conoce como CSCsf15836."}], "id": "CVE-2007-1065", "lastModified": "2017-07-29T01:30:36.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-22T01:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33048"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24258"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22648"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017683"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017684"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0690"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}