Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for trust_agent by cisco

    CVE-2007-1800 (GCVE-0-2007-1800)

    Vulnerability from nvd – Published: 2007-04-02 23:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror"
              },
              {
                "name": "34123",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34123"
              },
              {
                "name": "20070330 NACATTACK Presentation",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html"
              },
              {
                "name": "cisco-acs-cta-unauthorized-access(33557)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33557"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka \"NACATTACK.\" NOTE: this attack might be limited to authenticated users and devices."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror"
            },
            {
              "name": "34123",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34123"
            },
            {
              "name": "20070330 NACATTACK Presentation",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html"
            },
            {
              "name": "cisco-acs-cta-unauthorized-access(33557)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33557"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1800",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka \"NACATTACK.\" NOTE: this attack might be limited to authenticated users and devices."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror",
                  "refsource": "MISC",
                  "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror"
                },
                {
                  "name": "34123",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34123"
                },
                {
                  "name": "20070330 NACATTACK Presentation",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html"
                },
                {
                  "name": "cisco-acs-cta-unauthorized-access(33557)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33557"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1800",
        "datePublished": "2007-04-02T23:00:00.000Z",
        "dateReserved": "2007-04-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1064 (GCVE-0-2007-1064)

    Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://osvdb.org/33049 vdb-entryx_refsource_OSVDB
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "33049",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33049"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "cisco-cssc-help-privilege-escalation(32621)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "33049",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33049"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "cisco-cssc-help-privilege-escalation(32621)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1064",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "33049",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33049"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "cisco-cssc-help-privilege-escalation(32621)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1064",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1066 (GCVE-0-2007-1066)

    Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/33047 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "cisco-cssc-dacl-privilege-escalation(32625)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
              },
              {
                "name": "33047",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33047"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "cisco-cssc-dacl-privilege-escalation(32625)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
            },
            {
              "name": "33047",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33047"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1066",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "cisco-cssc-dacl-privilege-escalation(32625)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
                },
                {
                  "name": "33047",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33047"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1066",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1067 (GCVE-0-2007-1067)

    Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/33045 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "33045",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33045"
              },
              {
                "name": "cisco-cssc-parsing-privilege-escalation(32624)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "33045",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33045"
            },
            {
              "name": "cisco-cssc-parsing-privilege-escalation(32624)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "33045",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33045"
                },
                {
                  "name": "cisco-cssc-parsing-privilege-escalation(32624)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1067",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1065 (GCVE-0-2007-1065)

    Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://osvdb.org/33048 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "cisco-cssc-privilege-escalation(32622)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "33048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33048"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "cisco-cssc-privilege-escalation(32622)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "33048",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33048"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1065",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "cisco-cssc-privilege-escalation(32622)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "33048",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33048"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1065",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1068 (GCVE-0-2007-1068)

    Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/33046 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "33046",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33046"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "cisco-cssc-password-information-disclosure(32626)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "33046",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33046"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "cisco-cssc-password-information-disclosure(32626)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1068",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "33046",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33046"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "cisco-cssc-password-information-disclosure(32626)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1068",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1800 (GCVE-0-2007-1800)

    Vulnerability from cvelistv5 – Published: 2007-04-02 23:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror"
              },
              {
                "name": "34123",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34123"
              },
              {
                "name": "20070330 NACATTACK Presentation",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html"
              },
              {
                "name": "cisco-acs-cta-unauthorized-access(33557)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33557"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka \"NACATTACK.\" NOTE: this attack might be limited to authenticated users and devices."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror"
            },
            {
              "name": "34123",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34123"
            },
            {
              "name": "20070330 NACATTACK Presentation",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html"
            },
            {
              "name": "cisco-acs-cta-unauthorized-access(33557)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33557"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1800",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka \"NACATTACK.\" NOTE: this attack might be limited to authenticated users and devices."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror",
                  "refsource": "MISC",
                  "url": "http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror"
                },
                {
                  "name": "34123",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34123"
                },
                {
                  "name": "20070330 NACATTACK Presentation",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_response09186a00808110da.html"
                },
                {
                  "name": "cisco-acs-cta-unauthorized-access(33557)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33557"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1800",
        "datePublished": "2007-04-02T23:00:00.000Z",
        "dateReserved": "2007-04-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1064 (GCVE-0-2007-1064)

    Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://osvdb.org/33049 vdb-entryx_refsource_OSVDB
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "33049",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33049"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "cisco-cssc-help-privilege-escalation(32621)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "33049",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33049"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "cisco-cssc-help-privilege-escalation(32621)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1064",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "33049",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33049"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "cisco-cssc-help-privilege-escalation(32621)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1064",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1066 (GCVE-0-2007-1066)

    Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/33047 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "cisco-cssc-dacl-privilege-escalation(32625)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
              },
              {
                "name": "33047",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33047"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "cisco-cssc-dacl-privilege-escalation(32625)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
            },
            {
              "name": "33047",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33047"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1066",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "cisco-cssc-dacl-privilege-escalation(32625)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
                },
                {
                  "name": "33047",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33047"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1066",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1067 (GCVE-0-2007-1067)

    Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/33045 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "33045",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33045"
              },
              {
                "name": "cisco-cssc-parsing-privilege-escalation(32624)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "33045",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33045"
            },
            {
              "name": "cisco-cssc-parsing-privilege-escalation(32624)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "33045",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33045"
                },
                {
                  "name": "cisco-cssc-parsing-privilege-escalation(32624)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1067",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1065 (GCVE-0-2007-1065)

    Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://osvdb.org/33048 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "cisco-cssc-privilege-escalation(32622)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "33048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33048"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "cisco-cssc-privilege-escalation(32622)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "33048",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33048"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1065",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "cisco-cssc-privilege-escalation(32622)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "33048",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33048"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1065",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1068 (GCVE-0-2007-1068)

    Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24258 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/33046 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/0690 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/22648 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securitytracker.com/id?1017683 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1017684 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24258",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24258"
              },
              {
                "name": "33046",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33046"
              },
              {
                "name": "ADV-2007-0690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0690"
              },
              {
                "name": "22648",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22648"
              },
              {
                "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
              },
              {
                "name": "1017683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017683"
              },
              {
                "name": "cisco-cssc-password-information-disclosure(32626)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
              },
              {
                "name": "1017684",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017684"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24258",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24258"
            },
            {
              "name": "33046",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33046"
            },
            {
              "name": "ADV-2007-0690",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0690"
            },
            {
              "name": "22648",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22648"
            },
            {
              "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
            },
            {
              "name": "1017683",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017683"
            },
            {
              "name": "cisco-cssc-password-information-disclosure(32626)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
            },
            {
              "name": "1017684",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017684"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1068",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24258",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24258"
                },
                {
                  "name": "33046",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33046"
                },
                {
                  "name": "ADV-2007-0690",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0690"
                },
                {
                  "name": "22648",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22648"
                },
                {
                  "name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
                },
                {
                  "name": "1017683",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017683"
                },
                {
                  "name": "cisco-cssc-password-information-disclosure(32626)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
                },
                {
                  "name": "1017684",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017684"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1068",
        "datePublished": "2007-02-22T01:00:00.000Z",
        "dateReserved": "2007-02-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }