CVE-2007-1068

CWE-255 CWE-200 — Information Exposure CWE-2645 documents5 sources

Severity

7.2HIGH

EPSS

0.1%

top 73.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Services Client Cisco Security Agent Cisco Trust Agent +1 more

Timeline

PublishedFeb 22

Latest updateMay 1

Description

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information …

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

▶NVDcisco/trust_agent4 versions+3

▶NVDcisco/security_agent5.0, 5.1+1

▶NVDcisco/secure_services_client4.0, 4.0.5, 4.0.51+2

▶NVDmeetinghouse/aegis_secureconnect_clientwindows_platform

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-m9vh-fx35-cqmq: The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authen↗2022-05-01

▶

CVEList

CVE-2007-1068: The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authen↗2007-02-22

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in 802.1X Supplicant↗2007-02-21

▶

💬Community

Bugzilla

CVE-2007-4993 xen guest root can escape to domain 0 through pygrub↗2007-09-24

▶