// For flags

CVE-2007-3184

 

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

Cisco Trust Agent (CTA) anterior a 2.1.104.0, cuando se ejecuta en MacOS X, permite a atacantes con acceso físico evitar la autenticación y modificar las Preferencias del Sistema, incluyendo contraseñas, invocando el Menú Apple cuando el servidor de control de acceso (Access Control Server o ACS) produce un mensaje de notificación al usuario tras una validación de postura (posture validation).

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-06-12 CVE Reserved
  • 2007-06-12 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-09-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Affected
in Cisco
Search vendor "Cisco"
Trust Agent
Search vendor "Cisco" for product "Trust Agent"
< 2.1.104.0
Search vendor "Cisco" for product "Trust Agent" and version " < 2.1.104.0"
-
Safe