CVE-2007-3184
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.
Cisco Trust Agent (CTA) anterior a 2.1.104.0, cuando se ejecuta en MacOS X, permite a atacantes con acceso físico evitar la autenticación y modificar las Preferencias del Sistema, incluyendo contraseñas, invocando el Menú Apple cuando el servidor de control de acceso (Access Control Server o ACS) produce un mensaje de notificación al usuario tras una validación de postura (posture validation).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-12 CVE Reserved
- 2007-06-12 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-09-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/25598 | Third Party Advisory | |
| http://www.osvdb.org/35340 | Broken Link | |
| http://www.securityfocus.com/archive/1/471041/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1018217 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2007/2140 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34807 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://securityreason.com/securityalert/2796 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/24415 | 2018-10-19 |
| URL | Date | SRC |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_response09186a008085d645.html | 2018-10-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Trust Agent Search vendor "Cisco" for product "Trust Agent" | < 2.1.104.0 Search vendor "Cisco" for product "Trust Agent" and version " < 2.1.104.0" | - |
Safe
|