Lucene search

MitreCVE-2007-1068

HistoryFeb 22, 2007 - 1:28 a.m.

CVE-2007-1068

2007-02-2201:28:00

CWE-255

mitre

web.nvd.nist.gov

cisco

cssc

trust agent

csa

aegis

authentication

plain text

vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

5.9

Confidence

Low

EPSS

0.001

Percentile

26.1%

JSON

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

Affected configurations

Nvd

Node

ciscosecure_services_clientMatch4.0

ciscosecure_services_clientMatch4.0.5

ciscosecure_services_clientMatch4.0.51

ciscosecurity_agentMatch5.0

ciscosecurity_agentMatch5.1

ciscotrust_agentMatch1.0

ciscotrust_agentMatch2.0

ciscotrust_agentMatch2.0.1

ciscotrust_agentMatch2.1

meetinghouseaegis_secureconnect_clientMatchwindows_platform

VendorProductVersionCPE
ciscosecure_services_client4.0cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*
ciscosecure_services_client4.0.5cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*
ciscosecure_services_client4.0.51cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*
ciscosecurity_agent5.0cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*
ciscosecurity_agent5.1cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*
ciscotrust_agent1.0cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*
ciscotrust_agent2.0cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*
ciscotrust_agent2.0.1cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*
ciscotrust_agent2.1cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*
meetinghouseaegis_secureconnect_clientwindows_platformcpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_services_client	4.0	cpe:2.3:a:cisco:secure_services_client:4.0:::::::*
cisco	secure_services_client	4.0.5	cpe:2.3:a:cisco:secure_services_client:4.0.5:::::::*
cisco	secure_services_client	4.0.51	cpe:2.3:a:cisco:secure_services_client:4.0.51:::::::*
cisco	security_agent	5.0	cpe:2.3:a:cisco:security_agent:5.0:::::::*
cisco	security_agent	5.1	cpe:2.3:a:cisco:security_agent:5.1:::::::*
cisco	trust_agent	1.0	cpe:2.3:a:cisco:trust_agent:1.0:::::::*
cisco	trust_agent	2.0	cpe:2.3:a:cisco:trust_agent:2.0:::::::*
cisco	trust_agent	2.0.1	cpe:2.3:a:cisco:trust_agent:2.0.1:::::::*
cisco	trust_agent	2.1	cpe:2.3:a:cisco:trust_agent:2.1:::::::*
meetinghouse	aegis_secureconnect_client	windows_platform	cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:::::::*

References

osvdb.org/33046

secunia.com/advisories/24258

www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml

www.securityfocus.com/bid/22648

www.securitytracker.com/id?1017683

www.securitytracker.com/id?1017684

www.vupen.com/english/advisories/2007/0690

exchange.xforce.ibmcloud.com/vulnerabilities/32626

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

5.9

Confidence

Low

EPSS

0.001

Percentile

26.1%

JSON

Related for CVE-2007-1068