All the vulnerabilities related to cisco - secure_desktop
cve-2015-0691
Vulnerability from cvelistv5
Published
2015-04-17 01:00
Modified
2024-08-06 04:17
Summary
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1032140 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20150415 Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd" }, { "name": "1032140", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032140" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-30T16:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20150415 Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd" }, { "name": "1032140", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032140" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0691", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20150415 Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd" }, { "name": "1032140", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032140" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0691", "datePublished": "2015-04-17T01:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0925
Vulnerability from cvelistv5
Published
2011-02-28 15:00
Modified
2024-08-06 22:05
Summary
The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2011/0513 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/46538 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id?1025118 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/516648/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65754 | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/8108 | third-party-advisory, x_refsource_SREASON |
| http://zerodayinitiative.com/advisories/ZDI-11-092/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:54.658Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "name": "46538", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46538" }, { "name": "1025118", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025118" }, { "name": "20110223 ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/516648/100/0/threaded" }, { "name": "cisco-secure-activex-code-execution(65754)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65754" }, { "name": "8108", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8108" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://zerodayinitiative.com/advisories/ZDI-11-092/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "ADV-2011-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "name": "46538", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46538" }, { "name": "1025118", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025118" }, { "name": "20110223 ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/516648/100/0/threaded" }, { "name": "cisco-secure-activex-code-execution(65754)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65754" }, { "name": "8108", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8108" }, { "tags": [ "x_refsource_MISC" ], "url": "http://zerodayinitiative.com/advisories/ZDI-11-092/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-0925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco 
digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-0513", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "name": "46538", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46538" }, { "name": "1025118", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025118" }, { "name": "20110223 ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516648/100/0/threaded" }, { "name": "cisco-secure-activex-code-execution(65754)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65754" }, { "name": "8108", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8108" }, { "name": "http://zerodayinitiative.com/advisories/ZDI-11-092/", "refsource": "MISC", "url": "http://zerodayinitiative.com/advisories/ZDI-11-092/" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2011-0925", "datePublished": "2011-02-28T15:00:00", "dateReserved": "2011-02-10T00:00:00", "dateUpdated": "2024-08-06T22:05:54.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5806
Vulnerability from cvelistv5
Published
2006-11-08 22:00
Modified
2024-08-07 20:04
Summary
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.
References
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1017195 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30129 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/22747 | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/30306 | vdb-entry, x_refsource_OSVDB |
| http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml | vendor-advisory, x_refsource_CISCO |
| http://www.vupen.com/english/advisories/2006/4409 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/20964 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1017195", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017195" }, { "name": "cisco-csd-ssl-vpn-information-disclosure(30129)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30129" }, { "name": "22747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22747" }, { "name": "30306", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30306" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "20964", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1017195", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017195" }, { "name": "cisco-csd-ssl-vpn-information-disclosure(30129)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30129" }, { "name": "22747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22747" }, { "name": "30306", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30306" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "20964", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20964" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN 
connection terminates and allows local users to read unencrypted data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1017195", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017195" }, { "name": "cisco-csd-ssl-vpn-information-disclosure(30129)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30129" }, { "name": "22747", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22747" }, { "name": "30306", "refsource": "OSVDB", "url": "http://www.osvdb.org/30306" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "20964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20964" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5806", "datePublished": "2006-11-08T22:00:00", "dateReserved": "2006-11-08T00:00:00", "dateUpdated": "2024-08-07T20:04:55.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4655
Vulnerability from cvelistv5
Published
2012-09-24 17:00
Modified
2024-08-06 20:42
Summary
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac | vendor-advisory, x_refsource_CISCO |
| http://secunia.com/advisories/50669 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78677 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/55606 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:42:54.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" }, { "name": "50669", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50669" }, { "name": "securedesktop-weblaunch-code-execution(78677)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677" }, { "name": "55606", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55606" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" }, { "name": "50669", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50669" }, { "name": "securedesktop-weblaunch-code-execution(78677)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677" }, { "name": "55606", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55606" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-4655", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" }, { "name": "50669", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50669" }, { "name": "securedesktop-weblaunch-code-execution(78677)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677" }, { "name": "55606", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55606" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-4655", "datePublished": "2012-09-24T17:00:00", "dateReserved": "2012-08-24T00:00:00", "dateUpdated": "2024-08-06T20:42:54.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0440
Vulnerability from cvelistv5
Published
2010-02-03 18:00
Modified
2024-08-07 00:52
Summary
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/37960 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/38397 | third-party-advisory, x_refsource_SECUNIA |
| http://www.coresecurity.com/content/cisco-secure-desktop-xss | x_refsource_MISC |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=19843 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/509290/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2010/0273 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:52:17.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37960", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37960" }, { "name": "38397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38397" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/cisco-secure-desktop-xss" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19843" }, { "name": "20100201 [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509290/100/0/threaded" }, { "name": "ADV-2010-0273", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37960", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37960" }, { "name": "38397", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38397" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/cisco-secure-desktop-xss" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19843" }, { "name": "20100201 [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509290/100/0/threaded" }, { "name": "ADV-2010-0273", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0440", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37960", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37960" }, { "name": "38397", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38397" }, { "name": "http://www.coresecurity.com/content/cisco-secure-desktop-xss", "refsource": "MISC", "url": "http://www.coresecurity.com/content/cisco-secure-desktop-xss" }, { "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19843", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19843" }, { "name": "20100201 [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509290/100/0/threaded" }, { "name": "ADV-2010-0273", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0440", "datePublished": "2010-02-03T18:00:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:52:17.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5394
Vulnerability from cvelistv5
Published
2006-10-18 19:00
Modified
2024-08-07 19:48
Summary
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.
References
| URL | Tags |
|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml | vendor-advisory, x_refsource_CISCO |
| http://www.securityfocus.com/bid/20410 | vdb-entry, x_refsource_BID |
| http://securitytracker.com/id?1017018 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:48:30.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061009 Limitations in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "name": "20410", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20410" }, { "name": "1017018", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The default configuration of Cisco Secure Desktop (CSD) has an unchecked \"Disable printing\" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user\u0027s SSL VPN session." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-08T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061009 Limitations in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "name": "20410", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20410" }, { "name": "1017018", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default configuration of Cisco Secure Desktop (CSD) has an unchecked \"Disable printing\" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user\u0027s SSL VPN session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061009 Limitations in Cisco Secure Desktop", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "name": "20410", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20410" }, { "name": "1017018", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017018" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5394", "datePublished": "2006-10-18T19:00:00", "dateReserved": "2006-10-18T00:00:00", "dateUpdated": "2024-08-07T19:48:30.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5808
Vulnerability from cvelistv5
Published
2006-11-08 22:00
Modified
2024-08-07 20:04
Summary
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30128 | vdb-entry, x_refsource_XF |
| http://securitytracker.com/id?1017195 | vdb-entry, x_refsource_SECTRACK |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442 | third-party-advisory, x_refsource_IDEFENSE |
| http://secunia.com/advisories/22747 | third-party-advisory, x_refsource_SECUNIA |
| http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml | vendor-advisory, x_refsource_CISCO |
| http://www.vupen.com/english/advisories/2006/4409 | vdb-entry, x_refsource_VUPEN |
| http://www.osvdb.org/30308 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/20964 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-csd-permissions-code-execution(30128)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128" }, { "name": "1017195", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017195" }, { "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442" }, { "name": "22747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22747" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "30308", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30308" }, { "name": "20964", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, 
aka \"Local Privilege Escalation\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cisco-csd-permissions-code-execution(30128)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128" }, { "name": "1017195", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017195" }, { "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442" }, { "name": "22747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22747" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "30308", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30308" }, { "name": "20964", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20964" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses 
insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cisco-csd-permissions-code-execution(30128)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128" }, { "name": "1017195", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017195" }, { "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442" }, { "name": "22747", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22747" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "30308", "refsource": "OSVDB", "url": "http://www.osvdb.org/30308" }, { "name": "20964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20964" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5808", "datePublished": "2006-11-08T22:00:00", "dateReserved": "2006-11-08T00:00:00", "dateUpdated": "2024-08-07T20:04:55.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5393
Vulnerability from cvelistv5
Published
2006-10-18 19:00
Modified
2024-08-07 19:48
Summary
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
References
| URL | Tags |
|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml | vendor-advisory, x_refsource_CISCO |
| http://www.securityfocus.com/bid/20410 | vdb-entry, x_refsource_BID |
| http://securitytracker.com/id?1017018 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:48:30.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061009 Limitations in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "name": "20410", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20410" }, { "name": "1017018", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user\u0027s SSL VPN session." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-11-08T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061009 Limitations in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "name": "20410", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20410" }, { "name": "1017018", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user\u0027s SSL VPN session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061009 Limitations in Cisco Secure Desktop", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "name": "20410", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20410" }, { "name": "1017018", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017018" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5393", "datePublished": "2006-10-18T19:00:00", "dateReserved": "2006-10-18T00:00:00", "dateUpdated": "2024-08-07T19:48:30.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5807
Vulnerability from cvelistv5
Published
2006-11-08 22:00
Modified
2024-08-07 20:04
Summary
Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion".
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30130 | vdb-entry, x_refsource_XF |
| http://securitytracker.com/id?1017195 | vdb-entry, x_refsource_SECTRACK |
| http://secunia.com/advisories/22747 | third-party-advisory, x_refsource_SECUNIA |
| http://www.osvdb.org/30307 | vdb-entry, x_refsource_OSVDB |
| http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml | vendor-advisory, x_refsource_CISCO |
| http://www.vupen.com/english/advisories/2006/4409 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/20964 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-csd-application-security-bypass(30130)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30130" }, { "name": "1017195", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017195" }, { "name": "22747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22747" }, { "name": "30307", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30307" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "20964", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka \"System Policy Evasion\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cisco-csd-application-security-bypass(30130)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30130" }, { "name": "1017195", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017195" }, { "name": "22747", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22747" }, { "name": "30307", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30307" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "20964", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20964" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5807", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka \"System Policy Evasion\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cisco-csd-application-security-bypass(30130)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30130" }, { "name": "1017195", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017195" }, { "name": "22747", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22747" }, { "name": "30307", "refsource": "OSVDB", "url": "http://www.osvdb.org/30307" }, { "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "name": "ADV-2006-4409", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "name": "20964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20964" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5807", "datePublished": "2006-11-08T22:00:00", "dateReserved": "2006-11-08T00:00:00", "dateUpdated": "2024-08-07T20:04:55.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0926
Vulnerability from cvelistv5
Published
2011-02-25 17:00
Modified
2024-08-06 22:14
Summary
A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2011/0513 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65755 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/516647/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/8105 | third-party-advisory, x_refsource_SREASON |
| http://www.securitytracker.com/id?1025118 | vdb-entry, x_refsource_SECTRACK |
| http://www.zerodayinitiative.com/advisories/ZDI-11-091/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/46536 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:26.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "name": "cisco-securedesktop-activex-code-execution(65755)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65755" }, { "name": "20110223 ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/516647/100/0/threaded" }, { "name": "8105", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8105" }, { "name": "1025118", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025118" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-091/" }, { "name": "46536", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46536" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "ADV-2011-0513", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "name": "cisco-securedesktop-activex-code-execution(65755)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65755" }, { "name": "20110223 ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/516647/100/0/threaded" }, { "name": "8105", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8105" }, { "name": "1025118", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025118" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-091/" }, { "name": "46536", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46536" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-0926", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different 
vulnerability than CVE-2010-0589." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-0513", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "name": "cisco-securedesktop-activex-code-execution(65755)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65755" }, { "name": "20110223 ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516647/100/0/threaded" }, { "name": "8105", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8105" }, { "name": "1025118", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025118" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-091/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-091/" }, { "name": "46536", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46536" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2011-0926", "datePublished": "2011-02-25T17:00:00", "dateReserved": "2011-02-10T00:00:00", "dateUpdated": "2024-08-06T22:14:26.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0589
Vulnerability from cvelistv5
Published
2010-04-15 17:00
Modified
2024-08-07 00:52
Summary
The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.
References
| URL | Tags |
|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml | vendor-advisory, x_refsource_CISCO |
| http://www.zerodayinitiative.com/advisories/ZDI-10-072/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/39478 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/57812 | vdb-entry, x_refsource_XF |
| http://securitytracker.com/id?1023881 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:52:19.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20100414 Cisco Secure Desktop ActiveX Control Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-072/" }, { "name": "39478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/39478" }, { "name": "cisco-csdwebinstaller-code-execution(57812)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57812" }, { "name": "1023881", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023881" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20100414 Cisco Secure Desktop ActiveX Control Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-072/" }, { "name": "39478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/39478" }, { "name": "cisco-csdwebinstaller-code-execution(57812)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57812" }, { "name": "1023881", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023881" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2010-0589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20100414 Cisco Secure Desktop ActiveX Control Code Execution Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-072/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-072/" }, { "name": "39478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39478" }, { "name": "cisco-csdwebinstaller-code-execution(57812)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57812" }, { "name": "1023881", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023881" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2010-0589", "datePublished": "2010-04-15T17:00:00", "dateReserved": "2010-02-10T00:00:00", "dateUpdated": "2024-08-07T00:52:19.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-5008
Vulnerability from cvelistv5
Published
2010-10-12 21:00
Modified
2024-09-16 22:57
Summary
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.
References
| URL | Tags |
|---|---|
| http://www.infradead.org/openconnect.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:24:53.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.infradead.org/openconnect.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-10-12T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.infradead.org/openconnect.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-5008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.infradead.org/openconnect.html", "refsource": "MISC", "url": "http://www.infradead.org/openconnect.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-5008", "datePublished": "2010-10-12T21:00:00Z", "dateReserved": "2010-10-12T00:00:00Z", "dateUpdated": "2024-09-16T22:57:06.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2495
Vulnerability from cvelistv5
Published
2012-06-20 20:00
Modified
2024-09-16 18:28
Summary
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.
References
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:34:25.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-20T20:00:00Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-2495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-2495", "datePublished": "2012-06-20T20:00:00Z", "dateReserved": "2012-05-07T00:00:00Z", "dateUpdated": "2024-09-16T18:28:53.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5393
Vulnerability from fkie_nvd
Published
2006-10-18 19:07
Modified
2024-11-21 00:19
Severity ?
Summary
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "F91DD0D2-B573-4FE3-933A-02E8F4D35E56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user\u0027s SSL VPN session." }, { "lang": "es", "value": "Cisco Secure Desktop (CSD) no requiere que el valor del registro sea 1 para el ClearPageFileAtShutdown (aka CCE-Winv2.0-407), el cual puede permitir a los usuarios locales la lectura de ciertas p\u00e1ginas de memoria que fueron escritas durante otra sesi\u00f3n SSL VPN para un usuario diferente." } ], "id": "CVE-2006-5393", "lastModified": "2024-11-21T00:19:03.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-18T19:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017018" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017018" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20410" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2006-5807
Vulnerability from fkie_nvd
Published
2006-11-08 22:07
Modified
2024-11-21 00:20
Severity ?
Summary
Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion".
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B", "versionEndIncluding": "3.1.1.33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka \"System Policy Evasion\"." }, { "lang": "es", "value": "Cisco Secure Desktop (CSD) en versiones anteriores a la 3.1.1.45 permite a usuarios locales salirse del escritorio seguro mediante el uso de ciertas aplicaciones que permiten el intercambio entre dicho escritorio y el escritorio por defecto, tambi\u00e9n conocido como \"System Policy Evasion\"." } ], "id": "CVE-2006-5807", "lastModified": "2024-11-21T00:20:38.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-08T22:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22747" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017195" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30307" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/20964" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30130" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2011-0925
Vulnerability from fkie_nvd
Published
2011-02-28 16:00
Modified
2024-11-21 01:25
Severity ?
Summary
The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "F91DD0D2-B573-4FE3-933A-02E8F4D35E56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926." }, { "lang": "es", "value": "El control CSDWebInstallerCtrl ActiveX en CSDWebInstaller.ocx en Cisco Secure Desktop (CSD) permite a atacantes remotos descargar un programa Cisco no deseado en un equipo cliente, y ejecutar este programa, mediante la identificaci\u00f3n de un programa Cisco con una firma digital Cisco y despu\u00e9s renombrando este programa a inst.exe, una vulnerabilidad diferente que CVE-2010-0589 y CVE-2011-0926." 
} ], "id": "CVE-2011-0925", "lastModified": "2024-11-21T01:25:10.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-02-28T16:00:01.320", "references": [ { "source": "ykramarz@cisco.com", "url": "http://securityreason.com/securityalert/8108" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/archive/1/516648/100/0/threaded" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/46538" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1025118" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "source": "ykramarz@cisco.com", "url": "http://zerodayinitiative.com/advisories/ZDI-11-092/" }, { "source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/516648/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://zerodayinitiative.com/advisories/ZDI-11-092/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65754" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2006-5808
Vulnerability from fkie_nvd
Published
2006-11-08 22:07
Modified
2024-11-21 00:20
Severity ?
Summary
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * | |
cisco | secure_desktop | 3.1.1.27 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B", "versionEndIncluding": "3.1.1.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"." }, { "lang": "es", "value": "La instalaci\u00f3n del Cisco Secure Desktop (CSD) en versiones anteriores a la 3.1.1.45 utiliza permisos inseguros por defecto (todos los usuarios control total) para el directorio CSD y su directorio padre, que permite a usuarios locales conseguir privilegios mediante la sustituci\u00f3n de ejecutables del CSD, tambi\u00e9n conocido como \"Local Privilege Escalation\"." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Cisco Secure Desktop, 3.1.1.45", "id": "CVE-2006-5808", "lastModified": "2024-11-21T00:20:38.277", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-08T22:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22747" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017195" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30308" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20964" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017195" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2009-5008
Vulnerability from fkie_nvd
Published
2010-10-14 05:52
Modified
2024-11-21 01:10
Severity ?
Summary
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "F91DD0D2-B573-4FE3-933A-02E8F4D35E56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file." }, { "lang": "es", "value": "Cisco Secure Desktop (CDS), cuando se utiliza junto con un servidor AnyConnect SSL VPN, no realiza debidamente la verificaci\u00f3n, lo cual permite a usuarios locales eludir las restricciones de pol\u00edticas a trav\u00e9s de un archivo ejecutable modificado." } ], "id": "CVE-2009-5008", "lastModified": "2024-11-21T01:10:58.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-14T05:52:19.713", "references": [ { "source": "cve@mitre.org", "url": "http://www.infradead.org/openconnect.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.infradead.org/openconnect.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2011-0926
Vulnerability from fkie_nvd
Published
2011-02-25 18:00
Modified
2024-11-21 01:25
Severity ?
Summary
A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "F91DD0D2-B573-4FE3-933A-02E8F4D35E56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589." }, { "lang": "es", "value": "Un determinado control ActiveX en CSDWebInstaller.ocx en Cisco Secure Desktop (CDS) no verifica correctamente la firma de un programa descargado no especificado, permitiendo a atacantes remotos ejecutar c\u00f3digo arbitrario por suplantaci\u00f3n de identidad del proceso de instalaci\u00f3n de CDS, una vulnerabilidad diferente de CVE-2010-0589." } ], "id": "CVE-2011-0926", "lastModified": "2024-11-21T01:25:11.073", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-02-25T18:00:01.277", "references": [ { "source": "ykramarz@cisco.com", "url": "http://securityreason.com/securityalert/8105" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/archive/1/516647/100/0/threaded" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/46536" }, { "source": 
"ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1025118" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "source": "ykramarz@cisco.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-091/" }, { "source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/516647/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-091/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65755" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2006-5806
Vulnerability from fkie_nvd
Published
2006-11-08 22:07
Modified
2024-11-21 00:20
Severity ?
Summary
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault; content stored outside the vault is not cleared after the VPN connection terminates, which allows local users to read unencrypted data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B", "versionEndIncluding": "3.1.1.33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data." }, { "lang": "es", "value": "El SSL VPN Client del Cisco Secure Desktop en versiones anteriores a la 3.1.1.45, cuando se est\u00e1 creando la configuraci\u00f3n de un buscador web despu\u00e9s de una conexi\u00f3n con \u00e9xito, almacena informaci\u00f3n sensible de la sesi\u00f3n del buscador en un directorio externo al CSD y permite al usuario guardar ficheros fuera de la parte segura, que no son borrados una vez que la conexi\u00f3n VPN finaliza con lo que permite a usuarios locales leer datos codificados." 
} ], "id": "CVE-2006-5806", "lastModified": "2024-11-21T00:20:37.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-08T22:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22747" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017195" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30306" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20964" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4409" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30129" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4409" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30129" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2010-0440
Vulnerability from fkie_nvd
Published
2010-02-03 18:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * | |
cisco | adaptive_security_appliance_software | * | |
cisco | adaptive_security_appliance_software | * | |
cisco | adaptive_security_appliance_software | * | |
cisco | asa_5500 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DC48C90-696C-482D-B660-492F8BBECEC0", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "94AC3E6A-FB01-49C9-A544-7EC0F2C65BD7", "versionEndExcluding": "8.1\\(2.7\\)", "versionStartIncluding": "8.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A2AA086-59B1-40A1-9FF5-53A1E55038B7", "versionEndExcluding": "8.0\\(5\\)", "versionStartIncluding": "8.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EA8D2A3-7F68-44E6-9E8E-D64A0C920772", "versionEndExcluding": "8.2\\(1\\)", "versionStartIncluding": "8.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5500:-:*:*:*:*:*:*:*", "matchCriteriaId": "7018906A-ACDF-4D7B-B816-ED9C235BF04E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en +CSCOT+/translation en Cisco Secure Desktop v3.4.2048, y otras versiones anteriores a la v3.5; tal y como lo utiliza el appliance Cisco ASA anteriores a v8.2(1), v8.1(2.7), y v8.0(5); permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s de un par\u00e1metro POST manipulado, el cual no es correctamente gestionado por una declaraci\u00f3n eval en binary/mainv.js que escribe start.html." } ], "evaluatorImpact": "Per: http://tools.cisco.com/security/center/viewAlert.x?alertId=19843\r\n\r\n\"Cisco Secure Desktop versions prior to 3.5 are vulnerable. Cisco Secure Desktop is a component of Cisco ASA 5500 Series Adaptive Security Appliances. Cisco ASA appliances are vulnerable only if the Cisco Secure Desktop feature has been enabled. Cisco ASA appliance versions prior to 8.2(1), 8.1(2.7), and 8.0(5) are vulnerable.\"", "id": "CVE-2010-0440", "lastModified": "2024-11-21T01:12:13.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-02-03T18:30:00.813", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38397" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19843" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], 
"url": "http://www.coresecurity.com/content/cisco-secure-desktop-xss" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/509290/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/37960" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/38397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.coresecurity.com/content/cisco-secure-desktop-xss" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/509290/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/37960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0273" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-2495)
Published
2012-06-20 20:55
Modified
2024-11-21 01:39
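Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary metric, user interaction required)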
Summary
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | anyconnect_secure_mobility_client | 3.0 | |
cisco | secure_desktop | * (up to and including 3.5.2008, per the record's versionEndIncluding) | |
cisco | secure_desktop | 3.1 | |
cisco | secure_desktop | 3.1.1 | |
cisco | secure_desktop | 3.1.1.27 | |
cisco | secure_desktop | 3.1.1.33 | |
cisco | secure_desktop | 3.1.1.45 | |
cisco | secure_desktop | 3.2 | |
cisco | secure_desktop | 3.2.1 | |
cisco | secure_desktop | 3.3 | |
cisco | secure_desktop | 3.4 | |
cisco | secure_desktop | 3.4.1 | |
cisco | secure_desktop | 3.4.2 | |
cisco | secure_desktop | 3.4.2048 | |
cisco | secure_desktop | 3.5 | |
cisco | secure_desktop | 3.5.841 | |
cisco | secure_desktop | 3.5.1077 | |
cisco | secure_desktop | 3.5.2001 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F1A7236-46E3-487A-998B-4D72A5EEA004", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "404A7711-C463-4471-A6BD-DD99B3795312", "versionEndIncluding": "3.5.2008", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EE6B79A-FD31-4637-BE22-EEADF63B94FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F2F8EA5-8DEF-48D0-9E7F-6047D4AECC5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "F13E414E-E56E-496E-A952-F93DCF1B1BDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.45:*:*:*:*:*:*:*", "matchCriteriaId": "21F5DFB0-21F4-45F7-B4AF-000B24DEA596", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A8878-2E0F-4140-86DF-75999B47E4F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4932BA9E-4156-4445-93E9-7A9F1D81090B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3497EB29-C406-44C1-AB28-0DDC4E79A9D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C63D54D-6424-4767-9832-41E7F0B1D1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4D4CF6F-2F81-45B0-9B5B-C8D79E74D6F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"AA0286A4-6011-41DF-B607-44CFBBFD437F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2048:*:*:*:*:*:*:*", "matchCriteriaId": "FE277431-4101-4C0F-91DB-A1C15C0344FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "4142FB07-D5F0-4209-B0DE-67B768D7BDAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.841:*:*:*:*:*:*:*", "matchCriteriaId": "85641AF5-7A5B-4146-9806-E055420DB3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.1077:*:*:*:*:*:*:*", "matchCriteriaId": "7D5FC538-64F7-4F3D-9FAE-82D5015737DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.2001:*:*:*:*:*:*:*", "matchCriteriaId": "4F72D901-C62C-41A0-8D68-72CB9508E507", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235." }, { "lang": "es", "value": "La implementaci\u00f3n de HostScan en Cisco AnyConnect Secure Mobility Client v3.x antes de v3.0 MR8 y Cisco Secure Desktop antes de v3.6.6020 no compara la marca de tiempo del software ofrecido con la marca de tiempo del software instalado, lo que permite forzar una rebaja de la versi\u00f3n a atacantes remotos mediante el uso de componentes (1) ActiveX o (2) Java para ofrecer c\u00f3digo firmado que corresponde a una versi\u00f3n anterior del software. Se trata de un prblema tambi\u00e9n conocido como Bug ID CSCtx74235." 
} ], "id": "CVE-2012-2495", "lastModified": "2024-11-21T01:39:09.153", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-20T20:55:02.590", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-4655)
Published
2012-09-24 17:55
Modified
2024-11-21 01:43
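Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary metric, user interaction required)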
Summary
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | 3.1 | |
cisco | secure_desktop | 3.1.1 | |
cisco | secure_desktop | 3.1.1.27 | |
cisco | secure_desktop | 3.1.1.33 | |
cisco | secure_desktop | 3.1.1.45 | |
cisco | secure_desktop | 3.2 | |
cisco | secure_desktop | 3.2.1 | |
cisco | secure_desktop | 3.3 | |
cisco | secure_desktop | 3.4 | |
cisco | secure_desktop | 3.4.1 | |
cisco | secure_desktop | 3.4.2 | |
cisco | secure_desktop | 3.4.2048 | |
cisco | secure_desktop | 3.5 | |
cisco | secure_desktop | 3.5.841 | |
cisco | secure_desktop | 3.5.1077 | |
cisco | secure_desktop | 3.5.2001 | |
cisco | secure_desktop | 3.5.2008 | |
cisco | secure_desktop | 3.6 | |
cisco | secure_desktop | 3.6.181 | |
cisco | secure_desktop | 3.6.185 | |
cisco | secure_desktop | 3.6.1001 | |
cisco | secure_desktop | 3.6.2002 | |
cisco | secure_desktop | 3.6.3002 | |
cisco | secure_desktop | 3.6.4021 | |
cisco | secure_desktop | 3.6.5005 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EE6B79A-FD31-4637-BE22-EEADF63B94FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F2F8EA5-8DEF-48D0-9E7F-6047D4AECC5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "F13E414E-E56E-496E-A952-F93DCF1B1BDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.45:*:*:*:*:*:*:*", "matchCriteriaId": "21F5DFB0-21F4-45F7-B4AF-000B24DEA596", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A8878-2E0F-4140-86DF-75999B47E4F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4932BA9E-4156-4445-93E9-7A9F1D81090B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3497EB29-C406-44C1-AB28-0DDC4E79A9D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C63D54D-6424-4767-9832-41E7F0B1D1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4D4CF6F-2F81-45B0-9B5B-C8D79E74D6F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA0286A4-6011-41DF-B607-44CFBBFD437F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2048:*:*:*:*:*:*:*", "matchCriteriaId": "FE277431-4101-4C0F-91DB-A1C15C0344FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "4142FB07-D5F0-4209-B0DE-67B768D7BDAC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.841:*:*:*:*:*:*:*", "matchCriteriaId": "85641AF5-7A5B-4146-9806-E055420DB3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.1077:*:*:*:*:*:*:*", "matchCriteriaId": "7D5FC538-64F7-4F3D-9FAE-82D5015737DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.2001:*:*:*:*:*:*:*", "matchCriteriaId": "4F72D901-C62C-41A0-8D68-72CB9508E507", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.2008:*:*:*:*:*:*:*", "matchCriteriaId": "D79AB614-C5B3-4116-B957-A42F6AD0DD6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "9273F0F3-38F2-45AE-8453-1004A7CE91EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.181:*:*:*:*:*:*:*", "matchCriteriaId": "A1A4F9A8-DB02-45A0-ABE4-08683C798CC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.185:*:*:*:*:*:*:*", "matchCriteriaId": "71AF8E5A-42C5-42CB-8890-6F00BC1C471A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.1001:*:*:*:*:*:*:*", "matchCriteriaId": "4CA7E7CD-E877-4868-B868-AF77F931F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.2002:*:*:*:*:*:*:*", "matchCriteriaId": "93F2063D-7955-4217-A13D-217ED25C5DAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.3002:*:*:*:*:*:*:*", "matchCriteriaId": "BA30F821-2963-4431-B25F-BB061CBCBE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.4021:*:*:*:*:*:*:*", "matchCriteriaId": "689D7A99-1CB3-4930-8A0B-466DDC718D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.5005:*:*:*:*:*:*:*", "matchCriteriaId": "2D9C94C7-3E8A-4E3A-A88F-648F755D3C3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly 
validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204." }, { "lang": "es", "value": "La funcionalidad WebLaunch en Cisco Secure Desktop antes de v3.6.6020 no valida adecuadamente los binarios recibidos por el proceso de descarga, lo que permite a cualquier atacante ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con (1) ActiveX o (2) componentes Java. El problema esta identificado con los Bug IDs CSCtz76128 y CSCtz78204." } ], "id": "CVE-2012-4655", "lastModified": "2024-11-21T01:43:17.553", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-24T17:55:07.157", "references": [ { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/50669" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/55606" }, { "source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-5394)
Published
2006-10-18 19:07
Modified
2024-11-21 00:19
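Severity: LOW (CVSS v2.0 base score 2.1, vector AV:L/AC:L/Au:N/C:P/I:N/A:N; NVD primary metric, no user interaction required)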
Summary
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "F91DD0D2-B573-4FE3-933A-02E8F4D35E56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default configuration of Cisco Secure Desktop (CSD) has an unchecked \"Disable printing\" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user\u0027s SSL VPN session." }, { "lang": "es", "value": "La configuraci\u00f3n por defecto del Cisco Secure Desktop (CSD)-Escritorio de Seguridad de Cisco- tiene deshabilitada la opci\u00f3n \"Disable printing\" en la Secure Desktop Settings -Configuraci\u00f3n de Seguridad del Escritorio-, lo que permite a los usuarios locales la lectura de datos que fueron enviados a la impresora durante otra sesi\u00f3n SSL VPN para un usuario diferente." } ], "id": "CVE-2006-5394", "lastModified": "2024-11-21T00:19:03.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-18T19:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017018" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20410" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20410" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2015-0691)
Published
2015-04-17 01:59
Modified
2024-11-21 02:23
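Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary metric, user interaction required)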
Summary
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd | Mitigation, Vendor Advisory | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1032140 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032140 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "BE4B1CD7-A62B-4B19-99B1-876A6F4813D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "89CA2699-7B66-4BFA-A1B8-2708F12D5F0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F2F8EA5-8DEF-48D0-9E7F-6047D4AECC5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.45:*:*:*:*:*:*:*", "matchCriteriaId": "21F5DFB0-21F4-45F7-B4AF-000B24DEA596", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1_base:*:*:*:*:*:*:*", "matchCriteriaId": "66D3F03B-3B28-4A3C-900E-9B69BEBD5EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2.0.136:*:*:*:*:*:*:*", "matchCriteriaId": "6532A12D-93A9-4BF7-984A-9F683BD79253", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2.1.103:*:*:*:*:*:*:*", "matchCriteriaId": "98A6CCB3-EE2A-4880-8C19-4227A16C8EB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2.1.126:*:*:*:*:*:*:*", "matchCriteriaId": "30FA0F88-45CC-4AFA-864D-674BD0B98B9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2_base:*:*:*:*:*:*:*", "matchCriteriaId": "A83EDA6C-CB7F-4E75-B8DD-4A68AAC4F1DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.3.0.118:*:*:*:*:*:*:*", "matchCriteriaId": "05C6754E-D07C-400E-91A1-1FF7D58FB6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.3.0.151:*:*:*:*:*:*:*", "matchCriteriaId": "0153181F-53C9-453D-8FE9-2F6CD28C42D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.3_base:*:*:*:*:*:*:*", "matchCriteriaId": "63B62AD7-FA10-401A-A971-436F1A569DE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.0373:*:*:*:*:*:*:*", "matchCriteriaId": 
"8902AA77-A1DD-4574-9372-21966A5D9083", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.1108:*:*:*:*:*:*:*", "matchCriteriaId": "0A8A8E4A-980A-4451-BE99-548910BAB988", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2048:*:*:*:*:*:*:*", "matchCriteriaId": "FE277431-4101-4C0F-91DB-A1C15C0344FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4_base:*:*:*:*:*:*:*", "matchCriteriaId": "B7944946-5409-46D1-B0A7-45258381AB46", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.841:*:*:*:*:*:*:*", "matchCriteriaId": "85641AF5-7A5B-4146-9806-E055420DB3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.1077:*:*:*:*:*:*:*", "matchCriteriaId": "7D5FC538-64F7-4F3D-9FAE-82D5015737DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.2001:*:*:*:*:*:*:*", "matchCriteriaId": "4F72D901-C62C-41A0-8D68-72CB9508E507", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.2003:*:*:*:*:*:*:*", "matchCriteriaId": "3D66E2FC-03B9-4DFA-9482-BEB324710850", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5.2008:*:*:*:*:*:*:*", "matchCriteriaId": "D79AB614-C5B3-4116-B957-A42F6AD0DD6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.5_base:*:*:*:*:*:*:*", "matchCriteriaId": "E76EE9E1-9F27-4AA5-ADA4-BC412E19DE64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.181:*:*:*:*:*:*:*", "matchCriteriaId": "A1A4F9A8-DB02-45A0-ABE4-08683C798CC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.185:*:*:*:*:*:*:*", "matchCriteriaId": "71AF8E5A-42C5-42CB-8890-6F00BC1C471A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.1001:*:*:*:*:*:*:*", "matchCriteriaId": "4CA7E7CD-E877-4868-B868-AF77F931F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.2002:*:*:*:*:*:*:*", "matchCriteriaId": 
"93F2063D-7955-4217-A13D-217ED25C5DAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.3002:*:*:*:*:*:*:*", "matchCriteriaId": "BA30F821-2963-4431-B25F-BB061CBCBE27", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.4021:*:*:*:*:*:*:*", "matchCriteriaId": "689D7A99-1CB3-4930-8A0B-466DDC718D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.5005:*:*:*:*:*:*:*", "matchCriteriaId": "2D9C94C7-3E8A-4E3A-A88F-648F755D3C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.6020:*:*:*:*:*:*:*", "matchCriteriaId": "E85C2E16-2FA7-4810-A79A-64DD0A45D8C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.6104:*:*:*:*:*:*:*", "matchCriteriaId": "7C34D6B4-540B-4A30-AB7D-6FB3890AF427", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.6203:*:*:*:*:*:*:*", "matchCriteriaId": "8DD98EEB-4457-4F10-A3E0-C11C38A30914", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.6210:*:*:*:*:*:*:*", "matchCriteriaId": "AA9319D8-95C9-47B2-9D9D-969B288E5C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.6228:*:*:*:*:*:*:*", "matchCriteriaId": "A6A0928D-BBE5-4AC0-AC8E-CAA121FB9B3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.6234:*:*:*:*:*:*:*", "matchCriteriaId": "156B35FE-BE52-490C-B9CA-C269C8013830", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6.6249:*:*:*:*:*:*:*", "matchCriteriaId": "C95ECD0C-E1FE-46C2-A1C3-64CF36C6BF76", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.6_base:*:*:*:*:*:*:*", "matchCriteriaId": "59E3328E-EAE8-474F-A9DA-B6D397EBC24B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web 
site, aka Bug ID CSCup83001." }, { "lang": "es", "value": "Cierto fichero Cisco JAR, distribuido en Cache Cleaner en Cisco Secure Desktop (CSD), permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como Bug ID CSCup83001." } ], "id": "CVE-2015-0691", "lastModified": "2024-11-21T02:23:32.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-04-17T01:59:25.420", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032140" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" }, { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2010-0589)
Published
2010-04-15 17:30
Modified
2024-11-21 01:12
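Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary metric, user interaction required)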
Summary
The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_desktop | * (up to and including 3.5, per the record's versionEndIncluding) | |
cisco | secure_desktop | 3.1 | |
cisco | secure_desktop | 3.1.1 | |
cisco | secure_desktop | 3.1.1.27 | |
cisco | secure_desktop | 3.1.1.33 | |
cisco | secure_desktop | 3.2 | |
cisco | secure_desktop | 3.2.1 | |
cisco | secure_desktop | 3.3 | |
cisco | secure_desktop | 3.4 | |
cisco | secure_desktop | 3.4.1 | |
cisco | secure_desktop | 3.4.2 | |
cisco | secure_desktop | 3.4.2048 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B5E0489-A3D0-4FA8-BF36-7C329090F075", "versionEndIncluding": "3.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EE6B79A-FD31-4637-BE22-EEADF63B94FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F2F8EA5-8DEF-48D0-9E7F-6047D4AECC5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "F13E414E-E56E-496E-A952-F93DCF1B1BDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A8878-2E0F-4140-86DF-75999B47E4F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4932BA9E-4156-4445-93E9-7A9F1D81090B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3497EB29-C406-44C1-AB28-0DDC4E79A9D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C63D54D-6424-4767-9832-41E7F0B1D1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4D4CF6F-2F81-45B0-9B5B-C8D79E74D6F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA0286A4-6011-41DF-B607-44CFBBFD437F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2048:*:*:*:*:*:*:*", "matchCriteriaId": "FE277431-4101-4C0F-91DB-A1C15C0344FF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Web Install ActiveX 
control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876." }, { "lang": "es", "value": "El control ActiveX Web Install ActiveX en Cisco Secure Desktop (CSD) anterior a v3.5.841, no verifica adecuadamente las firmas de los programas descargados, lo que permite a atacantes remotos forzar las descargas y ejecuciones de archivos de su elecci\u00f3n a trav\u00e9s de una p\u00e1gina web manipulada. Tambi\u00e9n conocido con el Bug ID CSCta25876." } ], "id": "CVE-2010-0589", "lastModified": "2024-11-21T01:12:30.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-04-15T17:30:00.523", "references": [ { "source": "ykramarz@cisco.com", "url": "http://securitytracker.com/id?1023881" }, { "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/39478" }, { "source": "ykramarz@cisco.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-072/" }, { "source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securitytracker.com/id?1023881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/39478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-072/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57812" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }