Описание
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*
cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00073
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
EPSS
Процентиль: 22%
0.00073
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other