CVE-2007-1068 (CNNVD-200702-409)
中文标题:
Cisco Secure Services Client口令泄露漏洞
英文标题:
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8)...
漏洞描述
中文描述:
Cisco Secure Services Client是一种用于在多个Cisco设备中布署单一基于802.1X认证框架的工具。 Cisco Secure Services Client和终端主机上所安装的Cisco Trust Agent的实现上存在多个漏洞,本地攻击者可能利用这些漏洞获取非授权访问或敏感信息。
英文描述:
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cisco | secure_services_client | 4.0 | - | - |
cpe:2.3:a:cisco:secure_services_client:4.0:*:*:*:*:*:*:*
|
| cisco | secure_services_client | 4.0.5 | - | - |
cpe:2.3:a:cisco:secure_services_client:4.0.5:*:*:*:*:*:*:*
|
| cisco | secure_services_client | 4.0.51 | - | - |
cpe:2.3:a:cisco:secure_services_client:4.0.51:*:*:*:*:*:*:*
|
| cisco | security_agent | 5.0 | - | - |
cpe:2.3:a:cisco:security_agent:5.0:*:*:*:*:*:*:*
|
| cisco | security_agent | 5.1 | - | - |
cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*
|
| cisco | trust_agent | 1.0 | - | - |
cpe:2.3:a:cisco:trust_agent:1.0:*:*:*:*:*:*:*
|
| cisco | trust_agent | 2.0 | - | - |
cpe:2.3:a:cisco:trust_agent:2.0:*:*:*:*:*:*:*
|
| cisco | trust_agent | 2.0.1 | - | - |
cpe:2.3:a:cisco:trust_agent:2.0.1:*:*:*:*:*:*:*
|
| cisco | trust_agent | 2.1 | - | - |
cpe:2.3:a:cisco:trust_agent:2.1:*:*:*:*:*:*:*
|
| meetinghouse | aegis_secureconnect_client | windows_platform | - | - |
cpe:2.3:a:meetinghouse:aegis_secureconnect_client:windows_platform:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
CVSS评分详情
AV:L/AC:L/Au:N/C:C/I:C/A:C
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2007-1068 |
2025-11-11 15:17:50 | 2025-11-11 07:32:41 |
| NVD | nvd_CVE-2007-1068 |
2025-11-11 14:52:09 | 2025-11-11 07:41:27 |
| CNNVD | cnnvd_CNNVD-200702-409 |
2025-11-11 15:08:55 | 2025-11-11 07:49:14 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200702-409
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.2
- cvss_vector: NOT_EXTRACTED -> AV:L/AC:L/Au:N/C:C/I:C/A:C
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 10
- data_sources: ['cve'] -> ['cve', 'nvd']