CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
26.1%
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_services_client | 4.0 | cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:* |
cisco | secure_services_client | 4.0.5 | cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:* |
cisco | secure_services_client | 4.0.51 | cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:* |
cisco | security_agent | 5.0 | cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:* |
cisco | security_agent | 5.1 | cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:* |
cisco | trust_agent | 1.0 | cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:* |
cisco | trust_agent | 2.0 | cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:* |
cisco | trust_agent | 2.0.1 | cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:* |
cisco | trust_agent | 2.1 | cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:* |
meetinghouse | aegis_secureconnect_client | windows_platform | cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:* |