CVE-2007-1065

CWE-200Information ExposureCWE-2644 documents4 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 77.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Secure Services ClientCisco Security AgentCisco Trust Agent+1 more
Timeline
PublishedFeb 22
Latest updateMay 1

Description

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages4 packages

NVDcisco/trust_agent4 versions+3
NVDcisco/security_agent5.0, 5.1+1
NVDcisco/secure_services_client4.0, 4.0.5, 4.0.51+2

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-gfh7-q337-r38v: Cisco Secure Services Client (CSSC) 42022-05-01
CVEList
CVE-2007-1065: Cisco Secure Services Client (CSSC) 42007-02-22

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in 802.1X Supplicant2007-02-21
CVE-2007-1065 (MEDIUM CVSS 6.8) | Cisco Secure Services Client (CSSC) | cvebase.io