Details of VAR-200702-0469

ID

VAR-200702-0469

CVE

CVE-2007-1068

TITLE

CSSC Of products such as Vulnerability in the acquisition of important information in authentication methods

Trust: 0.8

sources: JVNDB: JVNDB-2007-001603

DESCRIPTION

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423. (1) TTLS CHAP Authentication method (2) TTLS MSCHAP Authentication method (3) TTLS MSCHAPv2 Authentication method (4) TTLS PAP Authentication method (5) MD5 Authentication method (6) GTC Authentication method (7) LEAP Authentication method (8) PEAP MSCHAPv2 Authentication method (9) PEAP GTC Authentication method (10) FAST Authentication methodBy reading a plain text log file, a local user may obtain important information. Cisco CSSC and CTA products are prone to an information-disclosure issue and multiple privilege-escalation vulnerabilities because of design flaws in the software. Exploiting these issues allows local attackers to access sensitive information and to elevate their privileges on affected computers. Cisco Secure Services Client is a tool for deploying a single 802.1X-based authentication framework across multiple Cisco devices. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. 1) Various design errors can be exploited to gain escalated privileges via e.g. the help functionality, when launching programs, by injecting threads, and when parsing commands. 2) When using various authentication methods, the user's password is stored in cleartext in the application log files. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco Systems: http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-1068 // JVNDB: JVNDB-2007-001603 // BID: 22648 // VULHUB: VHN-24430 // PACKETSTORM: 54559

AFFECTED PRODUCTS

vendor:	meetinghouse	model:	aegis secureconnect client	scope:	eq	version:	windows_platform	Trust: 1.6
vendor:	cisco	model:	trust agent	scope:	eq	version:	2.0	Trust: 1.3
vendor:	cisco	model:	trust agent	scope:	eq	version:	1.0	Trust: 1.3
vendor:	cisco	model:	security agent	scope:	eq	version:	5.1	Trust: 1.3
vendor:	cisco	model:	security agent	scope:	eq	version:	5.0	Trust: 1.3
vendor:	cisco	model:	secure services client	scope:	eq	version:	4.0	Trust: 1.3
vendor:	cisco	model:	secure services client	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	cisco	model:	trust agent	scope:	eq	version:	2.1	Trust: 1.0
vendor:	cisco	model:	trust agent	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	secure services client	scope:	eq	version:	4.0.51	Trust: 1.0
vendor:	meetinghouse	model:	aegis secureconnect client	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	security agent	scope:	eq	version:	5.0 and 5.1	Trust: 0.8
vendor:	cisco	model:	secure services client	scope:	eq	version:	4.x	Trust: 0.8
vendor:	cisco	model:	trust agent	scope:	eq	version:	1.x and 2.x	Trust: 0.8
vendor:	cisco	model:	meetinghouse aegis secureconnect client	scope:	eq	version:	0	Trust: 0.3

sources: BID: 22648 // JVNDB: JVNDB-2007-001603 // CNNVD: CNNVD-200702-409 // NVD: CVE-2007-1068

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1068
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-1068
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200702-409
value:	HIGH
Trust: 0.6
VULHUB:	VHN-24430
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-1068
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24430
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-24430 // JVNDB: JVNDB-2007-001603 // CNNVD: CNNVD-200702-409 // NVD: CVE-2007-1068

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-24430 // JVNDB: JVNDB-2007-001603 // NVD: CVE-2007-1068

THREAT TYPE

local

Trust: 1.0

sources: BID: 22648 // PACKETSTORM: 54559 // CNNVD: CNNVD-200702-409

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-200702-409

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001603

PATCH

title:	cisco-sa-20070221-supplicant	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070221-supplicant	Trust: 0.8
title:	EOS and EOL Announcement for the Meetinghouse AEGIS Product Line	url:	http://www.cisco.com/en/US/prod/collateral/wireless/ps6442/ps7034/prod_end-of-life_notice0900aecd8056b4f2.html	Trust: 0.8

sources: JVNDB: JVNDB-2007-001603

EXTERNAL IDS

db:	NVD	id:	CVE-2007-1068	Trust: 2.8
db:	BID	id:	22648	Trust: 2.0
db:	SECUNIA	id:	24258	Trust: 1.8
db:	SECTRACK	id:	1017684	Trust: 1.7
db:	SECTRACK	id:	1017683	Trust: 1.7
db:	OSVDB	id:	33046	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0690	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001603	Trust: 0.8
db:	CNNVD	id:	CNNVD-200702-409	Trust: 0.7
db:	CISCO	id:	20070221 MULTIPLE VULNERABILITIES IN 802.1X SUPPLICANT	Trust: 0.6
db:	XF	id:	32626	Trust: 0.6
db:	VULHUB	id:	VHN-24430	Trust: 0.1
db:	PACKETSTORM	id:	54559	Trust: 0.1

sources: VULHUB: VHN-24430 // BID: 22648 // JVNDB: JVNDB-2007-001603 // PACKETSTORM: 54559 // CNNVD: CNNVD-200702-409 // NVD: CVE-2007-1068

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/22648	Trust: 1.7
url:	http://osvdb.org/33046	Trust: 1.7
url:	http://www.securitytracker.com/id?1017683	Trust: 1.7
url:	http://www.securitytracker.com/id?1017684	Trust: 1.7
url:	http://secunia.com/advisories/24258	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/0690	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/32626	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1068	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1068	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/32626	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/0690	Trust: 0.6
url:	http://www.cisco.com/en/us/products/ps6742/tsd_products_support_series_home.html	Trust: 0.3
url:	/archive/1/460758	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/product/13533/	Trust: 0.1
url:	http://secunia.com/product/12423/	Trust: 0.1
url:	http://secunia.com/product/13535/	Trust: 0.1
url:	http://secunia.com/product/13534/	Trust: 0.1
url:	http://secunia.com/advisories/24258/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-24430 // BID: 22648 // JVNDB: JVNDB-2007-001603 // PACKETSTORM: 54559 // CNNVD: CNNVD-200702-409 // NVD: CVE-2007-1068

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200702-409

SOURCES

db:	VULHUB	id:	VHN-24430
db:	BID	id:	22648
db:	JVNDB	id:	JVNDB-2007-001603
db:	PACKETSTORM	id:	54559
db:	CNNVD	id:	CNNVD-200702-409
db:	NVD	id:	CVE-2007-1068

LAST UPDATE DATE

2024-11-23T22:19:48.874000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-24430	date:	2017-07-29T00:00:00
db:	BID	id:	22648	date:	2016-07-06T14:40:00
db:	JVNDB	id:	JVNDB-2007-001603	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200702-409	date:	2013-01-10T00:00:00
db:	NVD	id:	CVE-2007-1068	date:	2024-11-21T00:27:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-24430	date:	2007-02-22T00:00:00
db:	BID	id:	22648	date:	2007-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2007-001603	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	54559	date:	2007-02-23T02:32:16
db:	CNNVD	id:	CNNVD-200702-409	date:	2007-02-21T00:00:00
db:	NVD	id:	CVE-2007-1068	date:	2007-02-22T01:28:00