Search criteria
39 vulnerabilities found for security_agent by cisco
FKIE_CVE-2011-0364
Vulnerability from fkie_nvd - Published: 2011-02-19 01:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 5.1 | |
| cisco | security_agent | 5.2 | |
| cisco | security_agent | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "734B38F1-6FEC-4A94-B1C9-D076750A133F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8805C68E-E152-4089-B74C-1B7703ECC064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request."
},
{
"lang": "es",
"value": "La consola de administraci\u00f3n (webagent.exe) en Cisco Security Agent v5.1, v5.2 y v6.0 antes de v6.0.2.145 permite a atacantes remotos crear ficheros arbitrarios y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de par\u00e1metros no especificados en una petici\u00f3n st_upload debidamente modificada."
}
],
"id": "CVE-2011-0364",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-19T01:00:02.337",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43383"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43393"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/8095"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/8197"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/8205"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/46420"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025088"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"source": "psirt@cisco.com",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0146
Vulnerability from fkie_nvd - Published: 2010-02-23 20:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8805C68E-E152-4089-B74C-1B7703ECC064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Management Center para Cisco Security Agents v6.0 permite a usuarios remotos autenticados leer ficheros de forma arbitraria a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-0146",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-23T20:30:00.593",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/62443"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/38271"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0148
Vulnerability from fkie_nvd - Published: 2010-02-23 20:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 5.2 | |
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "734B38F1-6FEC-4A94-B1C9-D076750A133F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Cisco Security Agent v5.2 anterior a v5.2.0.285, cuando se ejecuta sobre linux, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (kernel panic) a trav\u00e9s de \"series de paquetes TCP\"."
}
],
"evaluatorComment": "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml\r\n\r\nOnly Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability (the Windows version is not affected).\r\n\r\nThe Linux version of standalone agents are installed in the following products:\r\n\r\n * Cisco Unified Communications Manager (CallManager)\r\n * IPCC Express\r\n * IP Interactive Voice Response (IP IVR)\r\n * Cisco Unified Meeting Place\r\n * Cisco Personal Assistant (PA)\r\n * Cisco Unity Connection\r\n\r\nNote: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities. Only Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability. \"",
"id": "CVE-2010-0148",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-23T20:30:00.670",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/62445"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/38273"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1023607"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0147
Vulnerability from fkie_nvd - Published: 2010-02-23 20:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 5.1 | |
| cisco | security_agent | 5.2 | |
| cisco | security_agent | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "734B38F1-6FEC-4A94-B1C9-D076750A133F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8805C68E-E152-4089-B74C-1B7703ECC064",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el Management Center para Cisco Security Agents v5.1 anterior a v5.1.0.117, v5.2 anterior a v5.2.0.296, y v6.0 anterior a v6.0.1.132, permite a usuarios autenticados remotamente ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2010-0147",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-23T20:30:00.627",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/62444"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/38272"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5580
Vulnerability from fkie_nvd - Published: 2007-12-15 01:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 2.1 | |
| cisco | security_agent | 3 | |
| cisco | security_agent | 4.0 | |
| cisco | security_agent | 4.0.1 | |
| cisco | security_agent | 4.0.2 | |
| cisco | security_agent | 4.0.3 | |
| cisco | security_agent | 4.0.3.728 | |
| cisco | security_agent | 4.5 | |
| cisco | security_agent | 4.5.1 | |
| cisco | security_agent | 4.5.1.639 | |
| cisco | security_agent | 4.5.1.657 | |
| cisco | security_agent | 4.5.1.659 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.0.0.201 | |
| cisco | security_agent | 5.0.193 | |
| cisco | security_agent | 5.1 | |
| cisco | security_agent | 5.1.79 | |
| cisco | security_agent | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31271A5A-61AE-486E-830B-FBDA557D802A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:3:*:*:*:*:*:*:*",
"matchCriteriaId": "F15A5A49-D0DF-4E65-A86E-7B71E7BF0273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1089218C-A480-49CF-A499-5ABDAD017B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA5B2E7-203D-4340-80C1-3CAF1A15A36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "612862DD-0FEE-4FBE-8750-EFC7BA22E792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "845D746E-3269-4E43-836B-486331EC14EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.3.728:*:*:*:*:*:*:*",
"matchCriteriaId": "90021BE3-85B4-46E5-BDC0-04A30B772063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5562E755-E4A3-4656-859A-40757012BE89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84A1657D-BBC9-4CF5-8F5A-486FAC8B9489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1.639:*:*:*:*:*:*:*",
"matchCriteriaId": "14F08C40-7A58-4B0B-A3A1-6F23DB113F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1.657:*:*:*:*:*:*:*",
"matchCriteriaId": "92BCC996-7C45-479D-8952-00B079604CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.5.1.659:*:*:*:*:*:*:*",
"matchCriteriaId": "D2AEBD5B-2EFD-465E-8108-24AB0CEB0892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0.0.201:*:*:*:*:*:*:*",
"matchCriteriaId": "7A691B7B-A8B1-41D5-A6F2-7521146F02AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0.193:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC93FD-9A77-49AD-86CB-414B041F52F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1.79:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1FE344-15E2-44B5-9346-253283CEBD3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "734B38F1-6FEC-4A94-B1C9-D076750A133F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en un determinado controlador en Cisco Security Agent versiones 4.5.1 anteriores a 4.5.1.672, versiones 5.0 anteriores a 5.0.0.225, versiones 5.1 anteriores a 5.1.0.106, y versiones 5.2 anteriores a 5.2.0.238 en Windows, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un paquete SMB especialmente dise\u00f1ado en una sesi\u00f3n TCP en el puerto (1) 139 o (2) 445."
}
],
"id": "CVE-2007-5580",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-15T01:46:00.000",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/39521"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27947"
},
{
"source": "psirt@cisco.com",
"url": "http://securityreason.com/securityalert/3425"
},
{
"source": "psirt@cisco.com",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"source": "psirt@cisco.com",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/26723"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1019046"
},
{
"source": "psirt@cisco.com",
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4103"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1065
Vulnerability from fkie_nvd - Published: 2007-02-22 01:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.0 | |
| cisco | secure_services_client | 4.0.5 | |
| cisco | secure_services_client | 4.0.51 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1.0 | |
| cisco | trust_agent | 2.0 | |
| cisco | trust_agent | 2.0.1 | |
| cisco | trust_agent | 2.1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
},
{
"lang": "es",
"value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un agente de confianza vulnerable), y el Meetinghouse AEGIS SecureConnect Client, permiten a usuarios locales alcanzar privilegios SYSTEM por medio de vectores no especificados en el requiriente, tambi\u00e9n se conoce como CSCsf15836."
}
],
"id": "CVE-2007-1065",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33048"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1067
Vulnerability from fkie_nvd - Published: 2007-02-22 01:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.x | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.x:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F54068-B565-4938-8CE9-74B1877A2733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1:*:*:*:*:*:*:*",
"matchCriteriaId": "441F81AB-A72A-475F-8B61-D6A7CEA48363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
},
{
"lang": "es",
"value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido implementado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, no analizan apropiadamente los comandos, lo que permite a usuarios locales alcanzar privilegios por medio de vectores no especificados, tambi\u00e9n se conoce como CSCsh30624."
}
],
"id": "CVE-2007-1067",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33045"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1066
Vulnerability from fkie_nvd - Published: 2007-02-22 01:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.0 | |
| cisco | secure_services_client | 4.0.5 | |
| cisco | secure_services_client | 4.0.51 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1.0 | |
| cisco | trust_agent | 2.0 | |
| cisco | trust_agent | 2.0.1 | |
| cisco | trust_agent | 2.1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
},
{
"lang": "es",
"value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, usan una Discretionary Access Control Lists (DACL) predeterminada y no segura para la interfaz gr\u00e1fica de usuario (GUI) de conexi\u00f3n cliente, lo que permite a usuarios locales alcanzar privilegios inyectando \"a thread under ConnectionClient.exe,\" tambi\u00e9n se conoce como CSCsg20558."
}
],
"id": "CVE-2007-1066",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33047"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1068
Vulnerability from fkie_nvd - Published: 2007-02-22 01:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.0 | |
| cisco | secure_services_client | 4.0.5 | |
| cisco | secure_services_client | 4.0.51 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1.0 | |
| cisco | trust_agent | 2.0 | |
| cisco | trust_agent | 2.0.1 | |
| cisco | trust_agent | 2.1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
},
{
"lang": "es",
"value": "Los m\u00e9todos de autenticaci\u00f3n (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, y (10) FAST en Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent versiones 1.x y 2.x, Cisco Security Agent, (CSA) versiones 5.0 y 5.1 (cuando ha sido implementado un Trust Agent vulnerable), y el Meetinghouse AEGIS SecureConnect Client, almacena las credenciales de autenticaci\u00f3n transmitidas en archivos de registro de texto plano, lo que permite a usuarios locales obtener informaci\u00f3n confidencial por medio de la lectura de estos archivos, tambi\u00e9n se conoce como CSCsg34423."
}
],
"id": "CVE-2007-1068",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33046"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1064
Vulnerability from fkie_nvd - Published: 2007-02-22 01:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_services_client | 4.0 | |
| cisco | secure_services_client | 4.0.5 | |
| cisco | secure_services_client | 4.0.51 | |
| cisco | security_agent | 5.0 | |
| cisco | security_agent | 5.1 | |
| cisco | trust_agent | 1.0 | |
| cisco | trust_agent | 2.0 | |
| cisco | trust_agent | 2.0.1 | |
| cisco | trust_agent | 2.1 | |
| meetinghouse | aegis_secureconnect_client | windows_platform |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEFEA3C-0595-4A62-8ACA-EBC364BFAEBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3802F8EB-A1B9-42ED-B18F-6DDDE66D1DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "63567540-B390-41DB-B3C8-C6F5E47914A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E171031D-51C1-41BB-96E4-DFFF0C36B74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DD0915-7671-42CD-8DF3-0B685389C528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE07274-FF2E-4D38-8E7A-68535BA3B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A548227E-0736-44B4-AB8B-930D5B7FC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDB26D-F1DC-4B90-824B-B03EDE92C27A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "957BB8CB-A3E9-4FB0-A60D-864FD14371C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7A9BA8-B2C9-417A-86FA-1672EA9886BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
},
{
"lang": "es",
"value": "Cisco Secure Services Client (CSSC) versiones 4.x, Trust Agent 1.x y 2.x, Cisco Security Agent (CSA) versiones 5.0 y 5.1 (cuando ha sido desplegado un Trust Agent vulnerable) y el Meetinghouse AEGIS SecureConnect Client, no pierde los privilegios cuando es invocado el servicio de ayuda en la GUI del requirente, lo que permite a usuarios locales alcanzar privilegios, tambi\u00e9n se conoce como CSCsf14120."
}
],
"id": "CVE-2007-1064",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33049"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-0364 (GCVE-0-2011-0364)
Vulnerability from cvelistv5 – Published: 2011-02-18 23:00 – Updated: 2024-08-06 21:51
VLAI?
Summary
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8197",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025088"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "8197",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025088"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8197",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025088"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-088",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-0364",
"datePublished": "2011-02-18T23:00:00",
"dateReserved": "2011-01-07T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0147 (GCVE-0-2010-0147)
Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"refsource": "OSVDB",
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0147",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0148 (GCVE-0-2010-0148)
Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"refsource": "OSVDB",
"url": "http://osvdb.org/62445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0148",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0146 (GCVE-0-2010-0146)
Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "62443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62443",
"refsource": "OSVDB",
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0146",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5580 (GCVE-0-2007-5580)
Vulnerability from cvelistv5 – Published: 2007-12-15 01:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3425",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "3425",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2007-5580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3425",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"refsource": "OSVDB",
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26723"
},
{
"name": "http://www.nsfocus.com/english/homepage/research/0702.htm",
"refsource": "MISC",
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2007-5580",
"datePublished": "2007-12-15T01:00:00",
"dateReserved": "2007-10-19T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1064 (GCVE-0-2007-1064)
Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"refsource": "OSVDB",
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1064",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1068 (GCVE-0-2007-1068)
Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"refsource": "OSVDB",
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1068",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1066 (GCVE-0-2007-1066)
Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"refsource": "OSVDB",
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1066",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1065 (GCVE-0-2007-1065)
Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"refsource": "OSVDB",
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1065",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1067 (GCVE-0-2007-1067)
Vulnerability from cvelistv5 – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"refsource": "OSVDB",
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1067",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0364 (GCVE-0-2011-0364)
Vulnerability from nvd – Published: 2011-02-18 23:00 – Updated: 2024-08-06 21:51
VLAI?
Summary
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8197",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025088"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "8197",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025088"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-0364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8197",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8197"
},
{
"name": "20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml"
},
{
"name": "1025088",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025088"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-088",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-088"
},
{
"name": "20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516505/100/0/threaded"
},
{
"name": "8205",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8205"
},
{
"name": "43383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43383"
},
{
"name": "8095",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8095"
},
{
"name": "46420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46420"
},
{
"name": "ADV-2011-0424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0424"
},
{
"name": "43393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43393"
},
{
"name": "cisco-security-webagent-file-upload(65436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-0364",
"datePublished": "2011-02-18T23:00:00",
"dateReserved": "2011-01-07T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0147 (GCVE-0-2010-0147)
Vulnerability from nvd – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "62444",
"refsource": "OSVDB",
"url": "http://osvdb.org/62444"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "cisco-sa-mgmtcenter-sql-injection(56346)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346"
},
{
"name": "38272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0147",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0148 (GCVE-0-2010-0148)
Vulnerability from nvd – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via \"a series of TCP packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-securityagent-tcp-dos(56347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56347"
},
{
"name": "1023607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023607"
},
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "38273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38273"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "62445",
"refsource": "OSVDB",
"url": "http://osvdb.org/62445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0148",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0146 (GCVE-0-2010-0146)
Vulnerability from nvd – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "62443",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62443",
"refsource": "OSVDB",
"url": "http://osvdb.org/62443"
},
{
"name": "38619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38619"
},
{
"name": "cisco-sa-mgmtcenter-dir-traversal(56345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56345"
},
{
"name": "ADV-2010-0416",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0416"
},
{
"name": "1023606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023606"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco Security Agent",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml"
},
{
"name": "38271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0146",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5580 (GCVE-0-2007-5580)
Vulnerability from nvd – Published: 2007-12-15 01:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3425",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "3425",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2007-5580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3425",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3425"
},
{
"name": "27947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27947"
},
{
"name": "ADV-2007-4103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4103"
},
{
"name": "1019046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019046"
},
{
"name": "20071205 Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml"
},
{
"name": "39521",
"refsource": "OSVDB",
"url": "http://osvdb.org/39521"
},
{
"name": "20071206 NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484669/100/100/threaded"
},
{
"name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsl00618"
},
{
"name": "26723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26723"
},
{
"name": "http://www.nsfocus.com/english/homepage/research/0702.htm",
"refsource": "MISC",
"url": "http://www.nsfocus.com/english/homepage/research/0702.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2007-5580",
"datePublished": "2007-12-15T01:00:00",
"dateReserved": "2007-10-19T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1064 (GCVE-0-2007-1064)
Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "33049",
"refsource": "OSVDB",
"url": "http://osvdb.org/33049"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-help-privilege-escalation(32621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32621"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1064",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1068 (GCVE-0-2007-1068)
Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33046",
"refsource": "OSVDB",
"url": "http://osvdb.org/33046"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-password-information-disclosure(32626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32626"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1068",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1066 (GCVE-0-2007-1066)
Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting \"a thread under ConnectionClient.exe,\" aka CSCsg20558."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "cisco-cssc-dacl-privilege-escalation(32625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32625"
},
{
"name": "33047",
"refsource": "OSVDB",
"url": "http://osvdb.org/33047"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1066",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1065 (GCVE-0-2007-1065)
Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "cisco-cssc-privilege-escalation(32622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32622"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "33048",
"refsource": "OSVDB",
"url": "http://osvdb.org/33048"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1065",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1067 (GCVE-0-2007-1067)
Vulnerability from nvd – Published: 2007-02-22 01:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24258",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24258"
},
{
"name": "33045",
"refsource": "OSVDB",
"url": "http://osvdb.org/33045"
},
{
"name": "cisco-cssc-parsing-privilege-escalation(32624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32624"
},
{
"name": "ADV-2007-0690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0690"
},
{
"name": "22648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22648"
},
{
"name": "20070221 Multiple Vulnerabilities in 802.1X Supplicant",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml"
},
{
"name": "1017683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017683"
},
{
"name": "1017684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1067",
"datePublished": "2007-02-22T01:00:00",
"dateReserved": "2007-02-21T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}