CVE-2007-1066

CWE-200Information ExposureCWE-2645 documents5 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 77.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Secure Services ClientCisco Security AgentCisco Trust Agent+1 more
Timeline
PublishedFeb 22
Latest updateMay 1

Description

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages4 packages

NVDcisco/trust_agent4 versions+3
NVDcisco/secure_services_client4.0, 4.0.5, 4.0.51+2
NVDcisco/security_agent5.0, 5.1+1

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-gpg2-g758-3qwm: Cisco Secure Services Client (CSSC) 42022-05-01
CVEList
CVE-2007-1066: Cisco Secure Services Client (CSSC) 42007-02-22

💥Exploits & PoCs

1
Exploit-DB
CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)2010-08-14

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in 802.1X Supplicant2007-02-21
CVE-2007-1066 (MEDIUM CVSS 6.8) | Cisco Secure Services Client (CSSC) | cvebase.io