// For flags

CVE-2007-1066

 

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, usan una Discretionary Access Control Lists (DACL) predeterminada y no segura para la interfaz gráfica de usuario (GUI) de conexión cliente, lo que permite a usuarios locales alcanzar privilegios inyectando "a thread under ConnectionClient.exe," también se conoce como CSCsg20558.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-21 CVE Reserved
  • 2007-02-22 CVE Published
  • 2024-07-17 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Secure Services Client
Search vendor "Cisco" for product "Secure Services Client"
 4.0
Search vendor "Cisco" for product "Secure Services Client" and version "4.0"
-
Affected
Cisco
Search vendor "Cisco"
 Secure Services Client
Search vendor "Cisco" for product "Secure Services Client"
 4.0.5
Search vendor "Cisco" for product "Secure Services Client" and version "4.0.5"
-
Affected
Cisco
Search vendor "Cisco"
 Secure Services Client
Search vendor "Cisco" for product "Secure Services Client"
 4.0.51
Search vendor "Cisco" for product "Secure Services Client" and version "4.0.51"
-
Affected
Cisco
Search vendor "Cisco"
 Security Agent
Search vendor "Cisco" for product "Security Agent"
 5.0
Search vendor "Cisco" for product "Security Agent" and version "5.0"
-
Affected
Cisco
Search vendor "Cisco"
 Security Agent
Search vendor "Cisco" for product "Security Agent"
 5.1
Search vendor "Cisco" for product "Security Agent" and version "5.1"
-
Affected
Cisco
Search vendor "Cisco"
 Trust Agent
Search vendor "Cisco" for product "Trust Agent"
 1.0
Search vendor "Cisco" for product "Trust Agent" and version "1.0"
-
Affected
Cisco
Search vendor "Cisco"
 Trust Agent
Search vendor "Cisco" for product "Trust Agent"
 2.0
Search vendor "Cisco" for product "Trust Agent" and version "2.0"
-
Affected
Cisco
Search vendor "Cisco"
 Trust Agent
Search vendor "Cisco" for product "Trust Agent"
 2.0.1
Search vendor "Cisco" for product "Trust Agent" and version "2.0.1"
-
Affected
Cisco
Search vendor "Cisco"
 Trust Agent
Search vendor "Cisco" for product "Trust Agent"
 2.1
Search vendor "Cisco" for product "Trust Agent" and version "2.1"
-
Affected
Meetinghouse
Search vendor "Meetinghouse"
 Aegis Secureconnect Client
Search vendor "Meetinghouse" for product "Aegis Secureconnect Client"
 windows_platform
Search vendor "Meetinghouse" for product "Aegis Secureconnect Client" and version "windows_platform"
-
Affected