CVE-2007-3184 Information

Description

Cisco Trust Agent (CTA) before 2.1.104.0 when running on MacOS X allows attackers with physical access to bypass authentication and modify System Preferences including passwords by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

Reference

http://secunia.com/advisories/25598 http://securityreason.com/securityalert/2796 http://www.cisco.com/en/US/products/products_security_response09186a008085d645.html http://www.osvdb.org/35340 http://www.securityfocus.com/archive/1/471041/100/0/threaded http://www.securityfocus.com/bid/24415 http://www.securitytracker.com/id?1018217 http://www.vupen.com/english/advisories/2007/2140 https://exchange.xforce.ibmcloud.com/vulnerabilities/34807