CVE-2007-1066
First published: Thu Feb 22 2007(Updated: )
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Trust Agent | =2.0 | |
| Cisco Security Agent | =5.1 | |
| Cisco Security Agent | =5.0 | |
| Cisco Secure | =4.0.51 | |
| Cisco Secure | =4.0 | |
| Cisco Trust Agent | =2.0.1 | |
| Meetinghouse AEGIS SecureConnect Client | =windows_platform | |
| Cisco Trust Agent | =2.1 | |
| Cisco Trust Agent | =1.0 | |
| Cisco Secure | =4.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml
- http://www.securityfocus.com/bid/22648
- http://www.securitytracker.com/id?1017683
- http://www.securitytracker.com/id?1017684
- http://secunia.com/advisories/24258
- http://osvdb.org/33047
- http://www.vupen.com/english/advisories/2007/0690
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32625
Frequently Asked Questions
What is the severity of CVE-2007-1066?
CVE-2007-1066 has a medium severity rating due to its potential impact on system security.
How do I fix CVE-2007-1066?
To fix CVE-2007-1066, update the affected Cisco software to the latest patched version provided by Cisco.
Which Cisco products are affected by CVE-2007-1066?
CVE-2007-1066 affects Cisco Secure Services Client 4.x, Trust Agent 1.x and 2.x, and Cisco Security Agent 5.0 and 5.1.
What type of vulnerability is CVE-2007-1066?
CVE-2007-1066 is a vulnerability related to insecure default Discretionary Access Control Lists (DACL) in certain Cisco products.
Is there a workaround for CVE-2007-1066?
Currently, the recommended mitigation for CVE-2007-1066 is to apply the necessary software updates from Cisco.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco trust agent
- version/cisco trust agent/2.0
- canonical/cisco security agent
- version/cisco security agent/5.1
- version/cisco security agent/5.0
- canonical/cisco secure
- version/cisco secure/4.0.51
- version/cisco secure/4.0
- version/cisco trust agent/2.0.1
- vendor/meetinghouse
- canonical/meetinghouse aegis secureconnect client
- version/meetinghouse aegis secureconnect client/windows_platform
- version/cisco trust agent/2.1
- version/cisco trust agent/1.0
- version/cisco secure/4.0.5