6.8
CVE-2007-1066
- EPSS 0.07%
- Published 22.02.2007 01:28:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Secure Services Client Version4.0
Cisco ≫ Secure Services Client Version4.0.5
Cisco ≫ Secure Services Client Version4.0.51
Cisco ≫ Security Agent Version5.0
Cisco ≫ Security Agent Version5.1
Cisco ≫ Trust Agent Version1.0
Cisco ≫ Trust Agent Version2.0
Cisco ≫ Trust Agent Version2.0.1
Cisco ≫ Trust Agent Version2.1
Meetinghouse ≫ Aegis Secureconnect Client Versionwindows_platform
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.185 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 3.1 | 10 |
AV:L/AC:L/Au:S/C:C/I:C/A:C
|