Privilege Escalation Vulnerability in Cisco Secure Services Client and Trust Agent
CVE-2007-1066

Currently unrated

Key Information:

Vendor
Cisco
Status
Trust Agent
Security Agent
Secure Services Client
Aegis Secureconnect Client
Vendor
CVE Published:
22 February 2007

Summary

The vulnerability discovered in Cisco Secure Services Client and related products arises from insecure default Discretionary Access Control Lists (DACL) used for the ConnectionClient GUI. This flaw permits local users to execute a thread under ConnectionClient.exe, potentially allowing them to escalate privileges and access restricted functions within the system. This exposure poses significant security concerns, particularly in environments where sensitive data integrity and user access control are paramount.

References

http://secunia.com/advisories/24258
third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0690
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/22648
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.