CVE-2007-3184

Sažetak

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

Reference

http://secunia.com/advisories/25598
http://securityreason.com/securityalert/2796
http://www.cisco.com/en/US/products/products_security_response09186a008085d645.html
http://www.osvdb.org/35340
http://www.securityfocus.com/archive/1/471041/100/0/threaded
http://www.securityfocus.com/bid/24415
http://www.securitytracker.com/id?1018217
http://www.vupen.com/english/advisories/2007/2140
https://exchange.xforce.ibmcloud.com/vulnerabilities/34807

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-10-2018 - 19:03

Objavljeno

12-06-2007 - 21:30