CVE-2007-1064
First published: Thu Feb 22 2007(Updated: )
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure | =4.0 | |
| Cisco Secure | =4.0.5 | |
| Cisco Secure | =4.0.51 | |
| Cisco Security Agent | =5.0 | |
| Cisco Security Agent | =5.1 | |
| Cisco Trust Agent | =1.0 | |
| Cisco Trust Agent | =2.0 | |
| Cisco Trust Agent | =2.0.1 | |
| Cisco Trust Agent | =2.1 | |
| Meetinghouse AEGIS SecureConnect Client | =windows_platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml
- http://www.securityfocus.com/bid/22648
- http://www.securitytracker.com/id?1017683
- http://www.securitytracker.com/id?1017684
- http://secunia.com/advisories/24258
- http://www.vupen.com/english/advisories/2007/0690
- http://osvdb.org/33049
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32621
Frequently Asked Questions
What is the severity of CVE-2007-1064?
CVE-2007-1064 has been rated as a medium severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2007-1064?
To address CVE-2007-1064, update to the latest versions of affected software such as Cisco Secure Services Client, Cisco Security Agent, and Cisco Trust Agent.
Which software is affected by CVE-2007-1064?
CVE-2007-1064 affects various Cisco products, including Cisco Secure Services Client 4.x, Cisco Security Agent 5.0 and 5.1, and Cisco Trust Agent 1.x and 2.x.
What impact does CVE-2007-1064 have on security?
CVE-2007-1064 can potentially allow an attacker to escalate privileges by exploiting the help facility in the software's GUI.
When was CVE-2007-1064 published?
CVE-2007-1064 was published on February 21, 2007.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cisco
- canonical/cisco secure
- version/cisco secure/4.0
- version/cisco secure/4.0.5
- version/cisco secure/4.0.51
- canonical/cisco security agent
- version/cisco security agent/5.0
- version/cisco security agent/5.1
- canonical/cisco trust agent
- version/cisco trust agent/1.0
- version/cisco trust agent/2.0
- version/cisco trust agent/2.0.1
- version/cisco trust agent/2.1
- vendor/meetinghouse
- canonical/meetinghouse aegis secureconnect client
- version/meetinghouse aegis secureconnect client/windows_platform