// For flags

CVE-2007-1068

 

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

Los métodos de autenticación (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, y (10) FAST en Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent, (CSA) versiones 5.0 y 5.1 (cuando ha sido implementado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, almacena las credenciales de autenticación transmitidas en archivos de registro de texto plano, lo que permite a usuarios locales obtener información confidencial por medio de la lectura de estos archivos, también se conoce como CSCsg34423.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-21 CVE Reserved
  • 2007-02-22 CVE Published
  • 2024-07-17 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-255: Credentials Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Secure Services Client
Search vendor "Cisco" for product "Secure Services Client"
 4.0
Search vendor "Cisco" for product "Secure Services Client" and version "4.0"
-
Affected
Cisco
Search vendor "Cisco"
 Secure Services Client
Search vendor "Cisco" for product "Secure Services Client"
 4.0.5
Search vendor "Cisco" for product "Secure Services Client" and version "4.0.5"
-
Affected
Cisco
Search vendor "Cisco"
 Secure Services Client
Search vendor "Cisco" for product "Secure Services Client"
 4.0.51
Search vendor "Cisco" for product "Secure Services Client" and version "4.0.51"
-
Affected
Cisco
Search vendor "Cisco"
 Security Agent
Search vendor "Cisco" for product "Security Agent"
 5.0
Search vendor "Cisco" for product "Security Agent" and version "5.0"
-
Affected
Cisco
Search vendor "Cisco"
 Security Agent
Search vendor "Cisco" for product "Security Agent"
 5.1
Search vendor "Cisco" for product "Security Agent" and version "5.1"
-
Affected
Cisco
Search vendor "Cisco"
 Trust Agent
Search vendor "Cisco" for product "Trust Agent"
 1.0
Search vendor "Cisco" for product "Trust Agent" and version "1.0"
-
Affected
Cisco
Search vendor "Cisco"
 Trust Agent
Search vendor "Cisco" for product "Trust Agent"
 2.0
Search vendor "Cisco" for product "Trust Agent" and version "2.0"
-
Affected
Cisco
Search vendor "Cisco"
 Trust Agent
Search vendor "Cisco" for product "Trust Agent"
 2.0.1
Search vendor "Cisco" for product "Trust Agent" and version "2.0.1"
-
Affected
Cisco
Search vendor "Cisco"
 Trust Agent
Search vendor "Cisco" for product "Trust Agent"
 2.1
Search vendor "Cisco" for product "Trust Agent" and version "2.1"
-
Affected
Meetinghouse
Search vendor "Meetinghouse"
 Aegis Secureconnect Client
Search vendor "Meetinghouse" for product "Aegis Secureconnect Client"
 windows_platform
Search vendor "Meetinghouse" for product "Aegis Secureconnect Client" and version "windows_platform"
-
Affected