Description
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
Affected products
- Cisco / secure_services_client4.0 – 4.0
- Cisco / secure_services_client4.0.5 – 4.0.5
- Cisco / secure_services_client4.0.51 – 4.0.51
- Cisco / security_agent5.0 – 5.0
- Cisco / security_agent5.1 – 5.1
- Cisco / trust_agent1.0 – 1.0
- Cisco / trust_agent2.0 – 2.0
- Cisco / trust_agent2.0.1 – 2.0.1
- Cisco / trust_agent2.1 – 2.1
- meetinghouse / aegis_secureconnect_clientwindows_platform – windows_platform
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/24258
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/32622
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/0690
- MISChttp://osvdb.org/33048
- MISChttp://www.securityfocus.com/bid/22648
- VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml
- MISChttp://www.securitytracker.com/id?1017683
- MISChttp://www.securitytracker.com/id?1017684