CVE-2007-3184

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Trust_agent	Cisco	*	2.1.104.0 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://secunia.com/advisories/25598
http://securityreason.com/securityalert/2796
http://www.cisco.com/en/US/products/products_security_response09186a008085d645.html
http://www.osvdb.org/35340
http://www.securityfocus.com/archive/1/471041/100/0/threaded
http://www.securityfocus.com/bid/24415
http://www.securitytracker.com/id?1018217
http://www.vupen.com/english/advisories/2007/2140
https://exchange.xforce.ibmcloud.com/vulnerabilities/34807

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3184
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References