CVE-2007-1800
First published: Mon Apr 02 2007(Updated: )
Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Trust Agent |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-1800?
CVE-2007-1800 has a high severity rating due to its potential for unauthorized network access through spoofed posture information.
How do I fix CVE-2007-1800?
To fix CVE-2007-1800, ensure that Cisco Secure ACS enforces authentication for posture information transmitted by the Cisco Trust Agent.
Who is affected by CVE-2007-1800?
CVE-2007-1800 affects users of Cisco Trust Agent that interact with Cisco Secure ACS.
What type of attack is associated with CVE-2007-1800?
CVE-2007-1800 is associated with a spoofing attack that exploits the lack of authentication in posture information transmission.
Can CVE-2007-1800 be exploited by unauthenticated users?
CVE-2007-1800 exploitation may be limited to authenticated users due to the nature of the attack.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/cisco
- canonical/cisco trust agent