Vulnerability Description
Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Trust Agent | All versions |
References
- http://osvdb.org/34123
- http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror
- http://www.cisco.com/en/US/products/products_security_response09186a00808110da.h
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33557
- http://osvdb.org/34123
- http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror
- http://www.cisco.com/en/US/products/products_security_response09186a00808110da.h
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33557
FAQ
What is CVE-2007-1800?
CVE-2007-1800 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint As...
How severe is CVE-2007-1800?
CVE-2007-1800 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1800?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Trust Agent.