CVE-2007-1064

CWE-200Information ExposureCWE-2644 documents4 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 77.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Secure Services ClientCisco Security AgentCisco Trust Agent+1 more
Timeline
PublishedFeb 22
Latest updateMay 1

Description

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages4 packages

NVDcisco/trust_agent4 versions+3
NVDcisco/security_agent5.0, 5.1+1
NVDcisco/secure_services_client4.0, 4.0.5, 4.0.51+2

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-3fc6-jr84-f699: Cisco Secure Services Client (CSSC) 42022-05-01
CVEList
CVE-2007-1064: Cisco Secure Services Client (CSSC) 42007-02-22

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in 802.1X Supplicant2007-02-21
CVE-2007-1064 (MEDIUM CVSS 6.8) | Cisco Secure Services Client (CSSC) | cvebase.io