1. Home
  2. CVE Database
  3. CVE-2007-1064
MEDIUM · 6.8

CVE-2007-1064

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Cli...

Vulnerability Description

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.

CVSS Score

6.8

MEDIUM

AV:L/AC:L/Au:S/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
CiscoSecure Services Client4.0
CiscoSecurity Agent5.0
CiscoTrust Agent1.0
MeetinghouseAegis Secureconnect Clientwindows_platform

References

FAQ

What is CVE-2007-1064?

CVE-2007-1064 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Cli...

How severe is CVE-2007-1064?

CVE-2007-1064 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-1064?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Services Client, Cisco Security Agent, Cisco Trust Agent, Meetinghouse Aegis Secureconnect Client.