CVE-2007-1066

Currently unrated

Key Information:

Vendor: Cisco
Status: Trust Agent; Security Agent; Secure Services Client; Aegis Secureconnect Client
Vendor: CVE Published:; 22 February 2007

Summary

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

References

http://secunia.com/advisories/24258

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/0690

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/22648

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 22, 2007
Vulnerability Reserved
Feb 21, 2007