CVE-2007-1066

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

Severity	MEDIUM
CVSS	6.8
CWE	NVD-CWE-Other
KEV
Published	19 years ago
Modified	3 weeks ago

Related Products

Product	Advisory
Cisco RV Series Routers	cisco-sa-20070221-supplicant
Cisco Nexus Dashboard	cisco-sa-20070221-supplicant
Cisco Catalyst PON Series Switches	cisco-sa-20070221-supplicant
Cisco Application Centric Infrastructure Virtual Edge	cisco-sa-20070221-supplicant
Cisco Trust Agent	cisco-sa-20070221-supplicant
Cisco Security Agent	cisco-sa-20070221-supplicant
Cisco Secure Services Client	cisco-sa-20070221-supplicant
Cisco Meetinghouse AEGIS SecureConnect	cisco-sa-20070221-supplicant