N/A

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

N/A

N/A

Cisco Secure Services Client多个安全漏洞

Cisco Secure Services Client是一种用于在多个Cisco设备中布署单一基于802.1X认证框架的工具。 Cisco Secure Services Client和终端主机上所安装的Cisco Trust Agent的实现上存在多个漏洞，本地攻击者可能利用这些漏洞获取非授权访问或敏感信息。连接客户端GUI(ConnectionClient.exe)不安全的任意访问控制列表(DACL)允许非特权用户在以SYSTEM级权限运行的ConnectionClient.exe下注入线程。这个漏

N/A

N/A