var-200706-0105
Vulnerability from variot
Cisco Trust Agent (CTA) before 2.1.104.0, when running on Mac OS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. Cisco Trust Agent for Mac OS X is prone to a local privilege-escalation vulnerability because of the way the application delivers notifications to users. If the issue is exploited before an authorized user has authenticated, a local user can gain superuser-level privileges on the affected computer. If it is exploited after an authorized user has authenticated, the attacker may gain user-level access to the affected computer. Versions of Cisco Trust Agent prior to 2.1.104.0 are vulnerable to this issue when running on Apple Mac OS X. Other platforms are not affected. This issue is documented in Cisco bug ID CSCsi58799. Cisco Trust Agent is responsible for collecting security status information from multiple security software clients, such as Anti-Virus and Cisco Security Agent software clients, and then transmitting that information to the Cisco network.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0105", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": null, "trust": 1.4, "vendor": "apple", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "*" }, { "model": "trust agent", "scope": "eq", "trust": 0.9, "vendor": "cisco", "version": 
"2.1.103.0" }, { "model": "trust agent", "scope": "eq", "trust": 0.9, "vendor": "cisco", "version": "2.0" }, { "model": "trust agent", "scope": "eq", "trust": 0.9, "vendor": "cisco", "version": "1.0" }, { "model": "trust agent", "scope": "lt", "trust": 0.8, "vendor": "cisco", "version": "2.1.104.0" }, { "model": "trust agent", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "trust agent", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "2.0.1" }, { "model": "trust agent", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "1" }, { "model": "trust agent", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "2.1" }, { "model": "trust agent", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.104.0" } ], "sources": [ { "db": "BID", "id": "24415" }, { "db": "JVNDB", "id": "JVNDB-2007-002177" }, { "db": "CNNVD", "id": "CNNVD-200706-215" }, { "db": "NVD", "id": "CVE-2007-3184" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/a:cisco:trust_agent", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002177" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adam Blake\u203b adblake@deloitte.co.uk", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-215" } ], "trust": 0.6 }, "cve": "CVE-2007-3184", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2007-3184", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-26546", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-3184", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2007-3184", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200706-215", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-26546", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-26546" }, { "db": "JVNDB", "id": "JVNDB-2007-002177" }, { "db": "CNNVD", "id": "CNNVD-200706-215" }, { "db": "NVD", "id": "CVE-2007-3184" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. Cisco Trust Agent for Mac OS X is prone to a local privilege-escalation vulnerability because of the method that the application uses to deliver notifications to users. \nSuccessfully exploiting this issue allows local users to gain superuser-level privileges on affected computers if it is exploited before an authorized user is authenticated. If exploited after an authorized user has been authenticated, attackers may gain user-level access to affected computers. \nVersions of Cisco Trust Agent prior to 2.1.104.0 are vulnerable to this issue when running on Apple Mac OS X. Other platforms are not affected. \nThis issue is documented in Cisco bug ID CSCsi58799. 
Cisco Trust Agent is responsible for collecting security status information of multiple security software clients, such as Anti-Virus and Cisco Security Agent software clients, and then transmits the information to the Cisco network", "sources": [ { "db": "NVD", "id": "CVE-2007-3184" }, { "db": "JVNDB", "id": "JVNDB-2007-002177" }, { "db": "BID", "id": "24415" }, { "db": "VULHUB", "id": "VHN-26546" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-3184", "trust": 2.8 }, { "db": "BID", "id": "24415", "trust": 2.0 }, { "db": "SECTRACK", "id": "1018217", "trust": 1.7 }, { "db": "SREASON", "id": "2796", "trust": 1.7 }, { "db": "SECUNIA", "id": "25598", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-2140", "trust": 1.7 }, { "db": "OSVDB", "id": "35340", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2007-002177", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200706-215", "trust": 0.7 }, { "db": "XF", "id": "34807", "trust": 0.6 }, { "db": "CISCO", "id": "20070611 CISCO TRUST AGENT - MAC OS X PRIVILEGE ESCALATION VULNERABILITY", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20070611 CISCO TRUST AGENT VULNERABILITY", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-26546", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-26546" }, { "db": "BID", "id": "24415" }, { "db": "JVNDB", "id": "JVNDB-2007-002177" }, { "db": "CNNVD", "id": "CNNVD-200706-215" }, { "db": "NVD", "id": "CVE-2007-3184" } ] }, "id": "VAR-200706-0105", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-26546" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:06:55.726000Z", 
"patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.apple.com/" }, { "title": "Document ID: 581", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20070611-cta" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-002177" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-26546" }, { "db": "NVD", "id": "CVE-2007-3184" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.securityfocus.com/bid/24415" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_response09186a008085d645.html" }, { "trust": 1.7, "url": "http://www.osvdb.org/35340" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1018217" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25598" }, { "trust": 1.7, "url": "http://securityreason.com/securityalert/2796" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/471041/100/0/threaded" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/2140" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34807" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3184" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3184" }, { "trust": 0.6, "url": 
"http://xforce.iss.net/xforce/xfdb/34807" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/471041/100/0/threaded" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2007/2140" }, { "trust": 0.3, "url": "http://www.cisco.com/en/us/products/ps5923/index.html" }, { "trust": 0.3, "url": "/archive/1/471041" }, { "trust": 0.3, "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070611-cta.shtml" } ], "sources": [ { "db": "VULHUB", "id": "VHN-26546" }, { "db": "BID", "id": "24415" }, { "db": "JVNDB", "id": "JVNDB-2007-002177" }, { "db": "CNNVD", "id": "CNNVD-200706-215" }, { "db": "NVD", "id": "CVE-2007-3184" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-26546" }, { "db": "BID", "id": "24415" }, { "db": "JVNDB", "id": "JVNDB-2007-002177" }, { "db": "CNNVD", "id": "CNNVD-200706-215" }, { "db": "NVD", "id": "CVE-2007-3184" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-06-12T00:00:00", "db": "VULHUB", "id": "VHN-26546" }, { "date": "2007-06-11T00:00:00", "db": "BID", "id": "24415" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-002177" }, { "date": "2007-06-12T00:00:00", "db": "CNNVD", "id": "CNNVD-200706-215" }, { "date": "2007-06-12T21:30:00", "db": "NVD", "id": "CVE-2007-3184" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-19T00:00:00", "db": "VULHUB", "id": "VHN-26546" }, { "date": "2015-05-07T17:37:00", "db": "BID", "id": "24415" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-002177" }, { "date": "2007-06-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200706-215" }, { "date": "2024-11-21T00:32:36.480000", "db": "NVD", 
"id": "CVE-2007-3184" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "24415" }, { "db": "CNNVD", "id": "CNNVD-200706-215" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Trust Agent for Mac OS X Local Privilege Escalation Vulnerability", "sources": [ { "db": "BID", "id": "24415" }, { "db": "CNNVD", "id": "CNNVD-200706-215" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-215" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.