Privilege Escalation Vulnerability in Cisco Secure Services Client and Trust Agent
CVE-2007-1066

Currently unrated

Key Information:

Vendor: Cisco
Status: Trust Agent; Security Agent; Secure Services Client; Aegis Secureconnect Client
Vendor: CVE Published:; 22 February 2007

What is CVE-2007-1066?

The vulnerability discovered in Cisco Secure Services Client and related products arises from insecure default Discretionary Access Control Lists (DACL) used for the ConnectionClient GUI. This flaw permits local users to execute a thread under ConnectionClient.exe, potentially allowing them to escalate privileges and access restricted functions within the system. This exposure poses significant security concerns, particularly in environments where sensitive data integrity and user access control are paramount.

References

http://secunia.com/advisories/24258

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/0690

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/22648

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2007
Vulnerability Reserved
Feb 21, 2007