CVE-2007-3184 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2007-3184?

CVE-2007-3184 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-3184?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Trust Agent, Apple Mac Os X.

Vulnerability Description

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Trust Agent	< 2.1.104.0
Apple	Mac Os X	All versions

Related Weaknesses (CWE)

CWE-287

References

http://secunia.com/advisories/25598Third Party Advisory
http://securityreason.com/securityalert/2796ExploitThird Party Advisory
http://www.cisco.com/en/US/products/products_security_response09186a008085d645.hVendor Advisory
http://www.osvdb.org/35340Broken Link
http://www.securityfocus.com/archive/1/471041/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/24415PatchThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018217Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2007/2140Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34807Third Party AdvisoryVDB Entry
http://secunia.com/advisories/25598Third Party Advisory
http://securityreason.com/securityalert/2796ExploitThird Party Advisory
http://www.cisco.com/en/US/products/products_security_response09186a008085d645.hVendor Advisory
http://www.osvdb.org/35340Broken Link
http://www.securityfocus.com/archive/1/471041/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/24415PatchThird Party AdvisoryVDB Entry

FAQ

What is CVE-2007-3184?

CVE-2007-3184 is a vulnerability with a CVSS score of 7.2 (HIGH). Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Ap...

How severe is CVE-2007-3184?

CVE-2007-3184 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-3184?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Trust Agent, Apple Mac Os X.