ID

VAR-200706-0105


CVE

CVE-2007-3184


TITLE

Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 24415 // CNNVD: CNNVD-200706-215

DESCRIPTION

Cisco Trust Agent (CTA) before 2.1.104.0, when running on Mac OS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. Cisco Trust Agent for Mac OS X is prone to a local privilege-escalation vulnerability because of the method that the application uses to deliver notifications to users. Successfully exploiting this issue allows local users to gain superuser-level privileges on affected computers if it is exploited before an authorized user is authenticated. If exploited after an authorized user has been authenticated, attackers may gain user-level access to affected computers. Versions of Cisco Trust Agent prior to 2.1.104.0 are vulnerable to this issue when running on Apple Mac OS X. Other platforms are not affected. This issue is documented in Cisco bug ID CSCsi58799. Cisco Trust Agent collects security status information from multiple security software clients, such as Anti-Virus and Cisco Security Agent software clients, and then transmits the information to the Cisco network

Trust: 1.98

sources: NVD: CVE-2007-3184 // JVNDB: JVNDB-2007-002177 // BID: 24415 // VULHUB: VHN-26546

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: -, version: -

Trust: 1.4

vendor: apple, model: mac os x, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: trust agent, scope: eq, version: 2.1.103.0

Trust: 0.9

vendor: cisco, model: trust agent, scope: eq, version: 2.0

Trust: 0.9

vendor: cisco, model: trust agent, scope: eq, version: 1.0

Trust: 0.9

vendor: cisco, model: trust agent, scope: lt, version: 2.1.104.0

Trust: 0.8

vendor: cisco, model: trust agent, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: trust agent, scope: eq, version: 2.0.1

Trust: 0.6

vendor: cisco, model: trust agent, scope: eq, version: 1

Trust: 0.6

vendor: cisco, model: trust agent, scope: eq, version: 2.1

Trust: 0.6

vendor: cisco, model: trust agent, scope: ne, version: 2.1.104.0

Trust: 0.3

sources: BID: 24415 // JVNDB: JVNDB-2007-002177 // CNNVD: CNNVD-200706-215 // NVD: CVE-2007-3184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3184
value: HIGH

Trust: 1.0

NVD: CVE-2007-3184
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200706-215
value: HIGH

Trust: 0.6

VULHUB: VHN-26546
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3184
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26546
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26546 // JVNDB: JVNDB-2007-002177 // CNNVD: CNNVD-200706-215 // NVD: CVE-2007-3184

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-26546 // NVD: CVE-2007-3184

THREAT TYPE

local

Trust: 0.9

sources: BID: 24415 // CNNVD: CNNVD-200706-215

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200706-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002177

PATCH

title: Top Page, url: http://www.apple.com/

Trust: 0.8

title: Document ID: 581, url: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070611-cta

Trust: 0.8

sources: JVNDB: JVNDB-2007-002177

EXTERNAL IDS

db: NVD, id: CVE-2007-3184

Trust: 2.8

db: BID, id: 24415

Trust: 2.0

db: SECTRACK, id: 1018217

Trust: 1.7

db: SREASON, id: 2796

Trust: 1.7

db: SECUNIA, id: 25598

Trust: 1.7

db: VUPEN, id: ADV-2007-2140

Trust: 1.7

db: OSVDB, id: 35340

Trust: 1.7

db: JVNDB, id: JVNDB-2007-002177

Trust: 0.8

db: CNNVD, id: CNNVD-200706-215

Trust: 0.7

db: XF, id: 34807

Trust: 0.6

db: CISCO, id: 20070611 CISCO TRUST AGENT - MAC OS X PRIVILEGE ESCALATION VULNERABILITY

Trust: 0.6

db: BUGTRAQ, id: 20070611 CISCO TRUST AGENT VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-26546

Trust: 0.1

sources: VULHUB: VHN-26546 // BID: 24415 // JVNDB: JVNDB-2007-002177 // CNNVD: CNNVD-200706-215 // NVD: CVE-2007-3184

REFERENCES

url:http://www.securityfocus.com/bid/24415

Trust: 1.7

url:http://www.cisco.com/en/us/products/products_security_response09186a008085d645.html

Trust: 1.7

url:http://www.osvdb.org/35340

Trust: 1.7

url:http://www.securitytracker.com/id?1018217

Trust: 1.7

url:http://secunia.com/advisories/25598

Trust: 1.7

url:http://securityreason.com/securityalert/2796

Trust: 1.7

url:http://www.securityfocus.com/archive/1/471041/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/2140

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34807

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3184

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3184

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/34807

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/471041/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/2140

Trust: 0.6

url:http://www.cisco.com/en/us/products/ps5923/index.html

Trust: 0.3

url:/archive/1/471041

Trust: 0.3

url:http://www.cisco.com/warp/public/707/cisco-sr-20070611-cta.shtml

Trust: 0.3

sources: VULHUB: VHN-26546 // BID: 24415 // JVNDB: JVNDB-2007-002177 // CNNVD: CNNVD-200706-215 // NVD: CVE-2007-3184

CREDITS

Adam Blake (adblake@deloitte.co.uk)

Trust: 0.6

sources: CNNVD: CNNVD-200706-215

SOURCES

db: VULHUB, id: VHN-26546
db: BID, id: 24415
db: JVNDB, id: JVNDB-2007-002177
db: CNNVD, id: CNNVD-200706-215
db: NVD, id: CVE-2007-3184

LAST UPDATE DATE

2024-08-14T14:08:09.262000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-26546, date: 2018-10-19T00:00:00
db: BID, id: 24415, date: 2015-05-07T17:37:00
db: JVNDB, id: JVNDB-2007-002177, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200706-215, date: 2007-06-13T00:00:00
db: NVD, id: CVE-2007-3184, date: 2018-10-19T19:03:56.600

SOURCES RELEASE DATE

db: VULHUB, id: VHN-26546, date: 2007-06-12T00:00:00
db: BID, id: 24415, date: 2007-06-11T00:00:00
db: JVNDB, id: JVNDB-2007-002177, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200706-215, date: 2007-06-12T00:00:00
db: NVD, id: CVE-2007-3184, date: 2007-06-12T21:30:00