Privilege Escalation in Cisco Secure Services Client and Related Products
CVE-2007-1064

Currently unrated

Key Information:

Vendor: Cisco
Status: Trust Agent; Security Agent; Secure Services Client; Aegis Secureconnect Client
Vendor: CVE Published:; 22 February 2007

Summary

A vulnerability in the Cisco Secure Services Client and related products allows local users to gain elevated privileges through the help facility in the supplicant GUI. This issue arises because the affected software does not properly drop user privileges, which could potentially be exploited to execute unauthorized actions within the system. Ensuring that the affected versions are updated and deploying security measures can mitigate the risks associated with this vulnerability.

References

http://secunia.com/advisories/24258

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/0690

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/22648

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 22, 2007
Vulnerability Reserved
Feb 21, 2007