Executive Summary

Summary
Title Multiple Vulnerabilities in 802.1X Supplicant
Informations
Name cisco-sa-20070221-supplicant First vendor Publication 2007-01-17
Vendor Cisco Last vendor Modification 2007-03-01
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Cisco Secure Services Client (CSSC) is a software client that enables customers to deploy a single authentication framework using the 802.1X authentication standard across multiple device types to access both wired and wireless networks. A lightweight version of the CSSC client is also a component of the Cisco Trust Agent (CTA) within the Cisco Network Admission Control (NAC) Framework solution.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4
Application 2
Application 5
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
33049 Cisco Secure Services Client (CSSC) Supplicant GUI Help Facility Local Privil...
33048 Cisco Secure Services Client (CSSC) Supplicant Unspecified Local Privilege Es...
33047 Cisco Secure Services Client (CSSC) Insecure Default DACL
33046 Cisco Secure Services Client (CSSC) Multiple Authentication Scheme Plaintext ...
33045 Cisco Secure Services Client (CSSC) Command Parsing Unspecified Local Privile...