6.8
CVE-2007-1066
- EPSS 0.07%
- Veröffentlicht 22.02.2007 01:28:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Secure Services Client Version4.0
Cisco ≫ Secure Services Client Version4.0.5
Cisco ≫ Secure Services Client Version4.0.51
Cisco ≫ Security Agent Version5.0
Cisco ≫ Security Agent Version5.1
Cisco ≫ Trust Agent Version1.0
Cisco ≫ Trust Agent Version2.0
Cisco ≫ Trust Agent Version2.0.1
Cisco ≫ Trust Agent Version2.1
Meetinghouse ≫ Aegis Secureconnect Client Versionwindows_platform
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.185 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 3.1 | 10 |
AV:L/AC:L/Au:S/C:C/I:C/A:C
|