All the vulnerabilites related to cisco - vpn_client
cve-2012-3052
Vulnerability from cvelistv5
Published
2012-09-16 10:00
Modified
2024-09-17 02:16
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-16T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-3052",
"datePublished": "2012-09-16T10:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-17T02:16:36.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0853
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.kb.cert.org/vuls/id/287771 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/5440 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9821.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:48.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
},
{
"name": "VU#287771",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/287771"
},
{
"name": "5440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5440"
},
{
"name": "cisco-vpn-zerolength-dos(9821)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9821.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
},
{
"name": "VU#287771",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/287771"
},
{
"name": "5440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5440"
},
{
"name": "cisco-vpn-zerolength-dos(9821)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9821.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
},
{
"name": "VU#287771",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/287771"
},
{
"name": "5440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5440"
},
{
"name": "cisco-vpn-zerolength-dos(9821)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9821.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0853",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-12T00:00:00",
"dateUpdated": "2024-08-08T03:03:48.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4415
Vulnerability from cvelistv5
Published
2007-08-18 21:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/476812/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.vupen.com/english/advisories/2007/2903 | vdb-entry, x_refsource_VUPEN | |
| http://securityreason.com/securityalert/3023 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/26459 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/25332 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1018573 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36032 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4415",
"datePublished": "2007-08-18T21:00:00",
"dateReserved": "2007-08-18T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0852
Vulnerability from cvelistv5
Published
2002-08-14 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-08-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0852",
"datePublished": "2002-08-14T04:00:00",
"dateReserved": "2002-08-12T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1105
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/5650 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10044 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "5650",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5650"
},
{
"name": "cisco-vpn-obtain-password(10044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "5650",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5650"
},
{
"name": "cisco-vpn-obtain-password(10044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "5650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5650"
},
{
"name": "cisco-vpn-obtain-password(10044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1105",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2678
Vulnerability from cvelistv5
Published
2011-07-07 19:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/518638/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://isc.sans.edu/diary.html?storyid=11125 | x_refsource_MISC | |
| http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml | vendor-advisory, x_refsource_CISCO | |
| http://securityreason.com/securityalert/8297 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68485 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"name": "http://isc.sans.edu/diary.html?storyid=11125",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2678",
"datePublished": "2011-07-07T19:00:00",
"dateReserved": "2011-07-07T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7600
Vulnerability from cvelistv5
Published
2015-10-06 17:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/ | x_refsource_MISC | |
| http://www.securitytracker.com/id/1033750 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/",
"refsource": "MISC",
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7600",
"datePublished": "2015-10-06T17:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4414
Vulnerability from cvelistv5
Published
2007-08-18 21:00
Modified
2024-08-07 14:53
Severity ?
EPSS score ?
Summary
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.vupen.com/english/advisories/2007/2903 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/26459 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/25332 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36029 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1018573 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the \"Start Before Logon\" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018573"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the \"Start Before Logon\" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018573"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4414",
"datePublished": "2007-08-18T21:00:00",
"dateReserved": "2007-08-18T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0324
Vulnerability from cvelistv5
Published
2008-01-17 02:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39694 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/0170 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1019240 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/28472 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.exploit-db.com/exploits/4911 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/27289 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0324",
"datePublished": "2008-01-17T02:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4118
Vulnerability from cvelistv5
Published
2009-12-01 00:00
Modified
2024-09-16 16:13
Severity ?
EPSS score ?
Summary
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37419 | third-party-advisory, x_refsource_SECUNIA | |
| http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2009/3296 | vdb-entry, x_refsource_VUPEN | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=19445 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/37077 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-01T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37419"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4118",
"datePublished": "2009-12-01T00:00:00Z",
"dateReserved": "2009-11-30T00:00:00Z",
"dateUpdated": "2024-09-16T16:13:26.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5121
Vulnerability from cvelistv5
Published
2008-11-18 00:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#858993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"name": "ADV-2008-1867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"name": "5837",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5837"
},
{
"name": "ADV-2008-1868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"name": "30728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX117751"
},
{
"name": "29772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29772"
},
{
"name": "4600",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4600"
},
{
"name": "ADV-2008-1865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"name": "30753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30753"
},
{
"name": "multiple-vendors-dne2000-priv-escalation(43153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"name": "ADV-2008-1866",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"name": "30744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"name": "30747",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#858993",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"name": "ADV-2008-1867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"name": "5837",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5837"
},
{
"name": "ADV-2008-1868",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"name": "30728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX117751"
},
{
"name": "29772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29772"
},
{
"name": "4600",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4600"
},
{
"name": "ADV-2008-1865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"name": "30753",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30753"
},
{
"name": "multiple-vendors-dne2000-priv-escalation(43153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"name": "ADV-2008-1866",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"name": "30744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"name": "30747",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#858993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"name": "ADV-2008-1867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"name": "5837",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5837"
},
{
"name": "ADV-2008-1868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"name": "http://www.digit-labs.org/files/exploits/dne2000-call.c",
"refsource": "MISC",
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"name": "30728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30728"
},
{
"name": "http://support.citrix.com/article/CTX117751",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX117751"
},
{
"name": "29772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29772"
},
{
"name": "4600",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4600"
},
{
"name": "ADV-2008-1865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"name": "30753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30753"
},
{
"name": "multiple-vendors-dne2000-priv-escalation(43153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"name": "ADV-2008-1866",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"name": "30744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30744"
},
{
"name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860",
"refsource": "MISC",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"name": "30747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5121",
"datePublished": "2008-11-18T00:00:00",
"dateReserved": "2008-11-17T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1467
Vulnerability from cvelistv5
Published
2007-03-16 21:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/462932/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html | vendor-advisory, x_refsource_CISCO | |
| http://securityreason.com/securityalert/2437 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/24499 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33024 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1017778 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/462944/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/22982 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2007/0973 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1467",
"datePublished": "2007-03-16T21:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1447
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:26
Severity ?
EPSS score ?
Summary
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt | x_refsource_MISC | |
| http://www.iss.net/security_center/static/9376.php | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/archive/1/277653 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5056 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt"
},
{
"name": "ciscovpn-profile-name-bo(9376)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9376.php"
},
{
"name": "20020619 [AP] Cisco vpnclient buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/277653"
},
{
"name": "5056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5056"
},
{
"name": "20020619 Buffer Overflow in UNIX VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt"
},
{
"name": "ciscovpn-profile-name-bo(9376)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9376.php"
},
{
"name": "20020619 [AP] Cisco vpnclient buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/277653"
},
{
"name": "5056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5056"
},
{
"name": "20020619 Buffer Overflow in UNIX VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt",
"refsource": "MISC",
"url": "http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt"
},
{
"name": "ciscovpn-profile-name-bo(9376)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9376.php"
},
{
"name": "20020619 [AP] Cisco vpnclient buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/277653"
},
{
"name": "5056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5056"
},
{
"name": "20020619 Buffer Overflow in UNIX VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1447",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-05T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1104
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS).
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10042 | vdb-entry, x_refsource_XF | |
| http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/5649 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-vpn-tcp-dos(10042)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "5649",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-vpn-tcp-dos(10042)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "5649",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-vpn-tcp-dos(10042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "5649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1104",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1108
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10047 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5651 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-vpn-tcp-filter(10047)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10047"
},
{
"name": "5651",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5651"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-vpn-tcp-filter(10047)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10047"
},
{
"name": "5651",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5651"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-vpn-tcp-filter(10047)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10047"
},
{
"name": "5651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5651"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1108",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2679
Vulnerability from cvelistv5
Published
2006-05-31 10:00
Modified
2024-08-07 17:58
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016156 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/1964 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26632 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/25888 | vdb-entry, x_refsource_OSVDB | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml | vendor-advisory, x_refsource_CISCO | |
| http://secunia.com/advisories/20261 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/18094 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016156",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016156",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016156",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2679",
"datePublished": "2006-05-31T10:00:00",
"dateReserved": "2006-05-30T00:00:00",
"dateUpdated": "2024-08-07T17:58:51.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1106
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10045 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5652 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "cisco-vpn-certificate-mitm(10045)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10045"
},
{
"name": "5652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "cisco-vpn-certificate-mitm(10045)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10045"
},
{
"name": "5652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "cisco-vpn-certificate-mitm(10045)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10045"
},
{
"name": "5652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1106",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1107
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10046 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5653 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-vpn-random-numbers(10046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10046"
},
{
"name": "5653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5653"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-07-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-vpn-random-numbers(10046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10046"
},
{
"name": "5653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5653"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-vpn-random-numbers(10046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10046"
},
{
"name": "5653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5653"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1107",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5429
Vulnerability from cvelistv5
Published
2013-01-17 21:00
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-17T21:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-5429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-5429",
"datePublished": "2013-01-17T21:00:00Z",
"dateReserved": "2012-10-17T00:00:00Z",
"dateUpdated": "2024-09-17T03:03:37.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS)."
}
],
"id": "CVE-2002-1104",
"lastModified": "2024-11-20T23:40:36.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5649"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-09-05 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "2BD00D0A-EB6E-41AA-851D-9DD258E23BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "3FB66EB9-9FE9-4B13-9E5F-E9DEDCD0E3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "88EB557F-33CD-40FE-B470-04F93CB2F3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "F2EEB23E-4592-49A1-BDC6-110580340AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "D548CEFE-1970-42D3-9039-196A3B5F5D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
"matchCriteriaId": "2D4BDB9B-99D8-42B7-8D57-2B57029220F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en Cliente de Red Privada Virtual (VPN) de Cisco 3.5.4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio mediante\r\nun Intecambio de Clave de Intenet (Internet Key Exchange - IKE) con un contenido \u00fatil (payload) de una \u00cdndice de Par\u00e1metro de Seguridad (Security Parameter Index - SQI) largo, o\r\nun paquete IKE con un n\u00famero grande de contenidos \u00fatiles v\u00e1lidos."
}
],
"id": "CVE-2002-0852",
"lastModified": "2024-11-20T23:40:01.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-09-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 | |
| cisco | vpn_client | 3.1 | |
| cisco | vpn_client | 3.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password."
}
],
"id": "CVE-2002-1105",
"lastModified": "2024-11-20T23:40:36.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5650"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10044"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-18 21:17
Modified
2024-11-21 00:35
Severity ?
Summary
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | * | |
| cisco | vpn_client | 5.0.01.0600 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "17848271-64A7-4807-B1FB-01A66E91E8CB",
"versionEndIncluding": "5.0.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "58FB3744-3107-410F-8E03-228060A95018",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe."
},
{
"lang": "es",
"value": "Cisco VPN Client sobre Windows anterior a 5.0.01.0600, y la versi\u00f3n 5.0.01.0600 InstallShield (IS), utiliza permisos d\u00e9biles para cvpnd.exe (modificando los privilegios en Interactive Users), lo cual permite a usuarios locales ganar privilegios a trav\u00e9s de un cvpnd.exe modificado."
}
],
"id": "CVE-2007-4415",
"lastModified": "2024-11-21T00:35:32.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-18T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26459"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3023"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-05-31 10:06
Modified
2024-11-21 00:11
Severity ?
Summary
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 | |
| cisco | vpn_client | 3.0.5 | |
| cisco | vpn_client | 3.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1c | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 4.7.00.0000 | |
| cisco | vpn_client | 4.8.00.0000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "D4BFB291-672C-437E-BBF4-B00D89C11EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*",
"matchCriteriaId": "76060A99-ED0C-4125-B67E-FA8E4F57AAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.7.00.0000:*:windows:*:*:*:*:*",
"matchCriteriaId": "2039E7C3-E623-4ADC-B851-55BC33FA760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.00.0000:*:windows:*:*:*:*:*",
"matchCriteriaId": "4C3777CC-C18F-4F93-8DD4-A0A348EDA1D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."
}
],
"id": "CVE-2006-2679",
"lastModified": "2024-11-21T00:11:48.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-31T10:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20261"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25888"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18094"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-28 04:00
Modified
2024-11-20 23:41
Severity ?
Summary
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F96EAD5-07E2-4963-9CB9-BC512B2DD51D",
"versionEndIncluding": "3.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument."
}
],
"id": "CVE-2002-1447",
"lastModified": "2024-11-20T23:41:19.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-28T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/277653"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9376.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/277653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9376.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5056"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-16 21:19
Modified
2024-11-21 00:28
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:acs_solution_engine:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2053FEE9-7DE5-4C5E-B2C1-5652301DBFFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:acs_solution_engine:4.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "3436B987-134F-47FD-94A9-B22E1D6E1F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A687E771-9653-4FB6-888C-C6D7874E8F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ip_communicator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2590B4-F61E-4ED9-B4B2-45227CDF8E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:meetingplace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41EEA208-7F2E-4E01-8C8C-29009161E6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_device_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E7C476-E8CE-4CD4-9ED2-926B4BA6EDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713CDBB9-F841-455A-B173-7B239DF087D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_meetingplace_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8932A12B-BDAD-4078-92C3-720CE4E204CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_personal_communicator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC0A911-917D-426B-84D3-05BEAEE9C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_video_advantage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1BDD7B4-CD06-44D9-855B-30FFE673014E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_videoconferencing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B50D62D1-83D3-4347-A979-503294EC4B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_videoconferencing_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19065178-BD77-4ED5-AE31-9904E348B2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "2BD00D0A-EB6E-41AA-851D-9DD258E23BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "88EB557F-33CD-40FE-B470-04F93CB2F3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "F2EEB23E-4592-49A1-BDC6-110580340AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "D548CEFE-1970-42D3-9039-196A3B5F5D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
"matchCriteriaId": "2D4BDB9B-99D8-42B7-8D57-2B57029220F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:linux:*:*:*:*:*",
"matchCriteriaId": "B2F5C5E1-59A5-4402-BF6A-DDD05F8F07F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "269EE54C-B6C7-4F3E-B4ED-12CF9F277569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:solaris:*:*:*:*:*",
"matchCriteriaId": "12A573DB-1D58-4A78-85C6-B2A3B09F34B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:linux:*:*:*:*:*",
"matchCriteriaId": "DEB505B7-54A0-4A53-81FC-9E6635A50BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "1728BA7D-0124-4E7B-9D0A-549DB87F3732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:solaris:*:*:*:*:*",
"matchCriteriaId": "DD1D17D3-F56E-47FC-90F9-54AC4446CB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:linux:*:*:*:*:*",
"matchCriteriaId": "9A9F7CE9-771E-4F0C-B4DD-B9517F70BBCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "0C7B2037-406B-4A18-9B5D-D3F206C58AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:solaris:*:*:*:*:*",
"matchCriteriaId": "08A9E927-1092-4F6A-A099-DB80EA060F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "872A3F31-1008-416A-9881-803E7DF11B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "50FB297D-5289-46D1-82C2-E83C3020895C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "D88E0D0C-03EF-4528-93C9-97B39342CA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2a:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "4C111372-50F2-4F3E-8DFE-1EB5509B489C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2a:*:solaris:*:*:*:*:*",
"matchCriteriaId": "B19317CB-C159-4BEF-B8F8-A919E8DF6783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2c:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "B7C7C00F-72E3-41E1-A763-0209AF639053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2c:*:solaris:*:*:*:*:*",
"matchCriteriaId": "B205CD80-4469-4DA9-B0E1-73C2B83E33D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "8FD6C3C5-A7D3-4208-A23C-BA7D5626FB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFD455A-7E41-4C95-A1E9-1A4867DA4F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controllers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88AB3CC-4F0E-4A82-B4F0-13EDA4948BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDEE04C-0231-42F7-9736-EB3B7A020E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD82BCCE-F68A-48A5-B484-98D9C3024E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF3680D-50CB-4854-84B8-34129DDB2A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1) PreSearch.html y (2) PreSearch.class en Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks y productos relacionados, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), y Wireless Control System (WCS) permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de campos de texto de un formulario de b\u00fasqueda."
}
],
"id": "CVE-2007-1467",
"lastModified": "2024-11-21T00:28:22.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-16T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24499"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2437"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22982"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017778"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0973"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-17 03:00
Modified
2024-11-21 00:41
Severity ?
Summary
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 5.0.2.0090 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF3345B2-964B-49CF-9531-69B129A57AF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption."
},
{
"lang": "es",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda) llamando as IOCTL 0x80002038 con valor de tama\u00f1o peque\u00f1o, lo cual provoca una corrupci\u00f3n de memoria."
}
],
"id": "CVE-2008-0324",
"lastModified": "2024-11-21T00:41:39.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-17T03:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28472"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27289"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019240"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4911"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-17 21:55
Modified
2024-11-21 01:44
Severity ?
Summary
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | * | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "099829D2-EC37-4BEF-91B7-375478189C1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669."
},
{
"lang": "es",
"value": "El controlador de VPN en Cisco VPN Client en Windows no trata interactua correctamente con el n\u00facleo, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (fallo del n\u00facleo y ca\u00edda del sistema) a trav\u00e9s de una aplicaci\u00f3n hecha a mano. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCuc81669."
}
],
"id": "CVE-2012-5429",
"lastModified": "2024-11-21T01:44:40.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-17T21:55:00.887",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 | |
| cisco | vpn_client | 3.0.5 | |
| cisco | vpn_client | 3.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1c | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "D4BFB291-672C-437E-BBF4-B00D89C11EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "2BD00D0A-EB6E-41AA-851D-9DD258E23BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "3FB66EB9-9FE9-4B13-9E5F-E9DEDCD0E3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "88EB557F-33CD-40FE-B470-04F93CB2F3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*",
"matchCriteriaId": "76060A99-ED0C-4125-B67E-FA8E4F57AAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "F2EEB23E-4592-49A1-BDC6-110580340AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "D548CEFE-1970-42D3-9039-196A3B5F5D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
"matchCriteriaId": "2D4BDB9B-99D8-42B7-8D57-2B57029220F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing."
}
],
"id": "CVE-2002-1107",
"lastModified": "2024-11-20T23:40:36.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5653"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-16 10:34
Modified
2024-11-21 01:40
Severity ?
Summary
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 5.0 | |
| cisco | vpn_client | 5.0.01 | |
| cisco | vpn_client | 5.0.01.0600 | |
| cisco | vpn_client | 5.0.2 | |
| cisco | vpn_client | 5.0.02.0090 | |
| cisco | vpn_client | 5.0.2.0090 | |
| cisco | vpn_client | 5.0.03.0530 | |
| cisco | vpn_client | 5.0.03.0560 | |
| cisco | vpn_client | 5.0.04.0300 | |
| cisco | vpn_client | 5.0.5 | |
| cisco | vpn_client | 5.0.05.0290 | |
| cisco | vpn_client | 5.0.6 | |
| cisco | vpn_client | 5.0.06.0160 | |
| cisco | vpn_client | 5.0.7 | |
| cisco | vpn_client | 5.0.07.0290 | |
| cisco | vpn_client | 5.0.07.0410 | |
| cisco | vpn_client | 5.0.07.0440 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F8D296-8C41-4ACF-97A1-B046CE18C623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A241A0DC-E0C0-40FF-825F-3BFD04EF05C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "58FB3744-3107-410F-8E03-228060A95018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51BB77A8-9610-4622-855E-F41D4DE8BF98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.02.0090:*:*:*:*:*:*:*",
"matchCriteriaId": "7093F844-3939-481C-9D76-DC9812309474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3D6BB1-BDCB-46A1-A213-17CB1F46683F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0530:*:*:*:*:*:*:*",
"matchCriteriaId": "F1845EE7-185C-4537-B968-10F1E20082B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0560:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D44782-3DD1-45DA-9457-8B6D07E12B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.04.0300:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FED413-4C1E-45C2-B2CC-5C70079B00F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA1A681-3063-4894-BA84-846CFCE35D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.05.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC5508A-92AC-437A-A55E-2A864A757BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7072DB27-CFE9-4D5D-A912-608A719E72CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.06.0160:*:*:*:*:*:*:*",
"matchCriteriaId": "54DE7A64-BF7C-4062-9315-18AD3D5F6FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "34B077DB-FBD7-4B15-B682-5A8912A07727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "465D80AD-7622-440F-BFF5-C94C62A3E905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0410:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8659A2-717E-4D8B-8877-B0FACF39C599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0440:*:*:*:*:*:*:*",
"matchCriteriaId": "32B0C059-A4A1-4F31-B561-F1611814004C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747."
},
{
"lang": "es",
"value": "Vulnerabilidad de path de b\u00fasqueda no confiable en Cisco VPN Client v5.0 permite a usuarios locales obtener privilegios a trav\u00e9s de un fichero .dll troyanizado en el directorio de trabajo actual tambi\u00e9n conocido como Bug ID CSCua28747."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2012-3052",
"lastModified": "2024-11-21T01:40:10.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-16T10:34:50.457",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-06 17:59
Modified
2024-11-21 02:37
Severity ?
Summary
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 5.0 | |
| cisco | vpn_client | 5.0.01 | |
| cisco | vpn_client | 5.0.01.0600 | |
| cisco | vpn_client | 5.0.2 | |
| cisco | vpn_client | 5.0.02.0090 | |
| cisco | vpn_client | 5.0.2.0090 | |
| cisco | vpn_client | 5.0.03.0530 | |
| cisco | vpn_client | 5.0.03.0560 | |
| cisco | vpn_client | 5.0.04.0300 | |
| cisco | vpn_client | 5.0.5 | |
| cisco | vpn_client | 5.0.05.0290 | |
| cisco | vpn_client | 5.0.6 | |
| cisco | vpn_client | 5.0.06.0160 | |
| cisco | vpn_client | 5.0.7 | |
| cisco | vpn_client | 5.0.7.0240 | |
| cisco | vpn_client | 5.0.7.0290 | |
| cisco | vpn_client | 5.0.07.0290 | |
| cisco | vpn_client | 5.0.07.0410 | |
| cisco | vpn_client | 5.0.07.0440 | |
| cisco | vpn_client | 5.0.7.0440 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F8D296-8C41-4ACF-97A1-B046CE18C623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A241A0DC-E0C0-40FF-825F-3BFD04EF05C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "58FB3744-3107-410F-8E03-228060A95018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51BB77A8-9610-4622-855E-F41D4DE8BF98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.02.0090:*:*:*:*:*:*:*",
"matchCriteriaId": "7093F844-3939-481C-9D76-DC9812309474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3D6BB1-BDCB-46A1-A213-17CB1F46683F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0530:*:*:*:*:*:*:*",
"matchCriteriaId": "F1845EE7-185C-4537-B968-10F1E20082B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0560:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D44782-3DD1-45DA-9457-8B6D07E12B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.04.0300:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FED413-4C1E-45C2-B2CC-5C70079B00F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA1A681-3063-4894-BA84-846CFCE35D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.05.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC5508A-92AC-437A-A55E-2A864A757BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7072DB27-CFE9-4D5D-A912-608A719E72CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.06.0160:*:*:*:*:*:*:*",
"matchCriteriaId": "54DE7A64-BF7C-4062-9315-18AD3D5F6FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "34B077DB-FBD7-4B15-B682-5A8912A07727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0240:*:*:*:*:*:*:*",
"matchCriteriaId": "15B23F91-9BA0-4C07-ACAC-315C846F2754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "B348A7D4-6753-4464-B1B8-1B94E09F65B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "465D80AD-7622-440F-BFF5-C94C62A3E905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0410:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8659A2-717E-4D8B-8877-B0FACF39C599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0440:*:*:*:*:*:*:*",
"matchCriteriaId": "32B0C059-A4A1-4F31-B561-F1611814004C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0440:*:*:*:*:*:*:*",
"matchCriteriaId": "288C2815-C809-423E-AB62-BBE19F692F6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
},
{
"lang": "es",
"value": "Cisco VPN Client 5.x hasta la versi\u00f3n 5.0.07.0440 utiliza permisos d\u00e9biles para vpnclient.ini, lo que permite a usuarios locales obtener privilegios mediante la entrada de un nombre de programa arbitrario en el campo Command de la secci\u00f3n ApplicationLauncher."
}
],
"id": "CVE-2015-7600",
"lastModified": "2024-11-21T02:37:02.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-06T17:59:27.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033750"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-07 19:55
Modified
2024-11-21 01:28
Severity ?
Summary
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 5.0.7.0240 | |
| cisco | vpn_client | 5.0.7.0290 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0240:*:*:*:*:*:*:*",
"matchCriteriaId": "15B23F91-9BA0-4C07-ACAC-315C846F2754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "B348A7D4-6753-4464-B1B8-1B94E09F65B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."
},
{
"lang": "es",
"value": "El cliente VPN de Cisco v5.0.7.0240 y v5.0.7.0290 en plataformas de 64 bits de Windows utiliza permisos d\u00e9biles (NT AUTHORITY\\ INTERACTIVE:F) para cvpnd.exe, lo que permite a usuarios locales obtener privilegios mediante la sustituci\u00f3n de este archivo ejecutable por un programa de su elecci\u00f3n. Problema tambien conocido como, Bug ID CSCtn50645. NOTA: esta vulnerabilidad existe debido a una regresi\u00f3n de CVE-2007-4415."
}
],
"id": "CVE-2011-2678",
"lastModified": "2024-11-21T01:28:44.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-07T19:55:03.210",
"references": [
{
"source": "cve@mitre.org",
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8297"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 | |
| cisco | vpn_client | 3.0.5 | |
| cisco | vpn_client | 3.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1c |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "D4BFB291-672C-437E-BBF4-B00D89C11EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "2BD00D0A-EB6E-41AA-851D-9DD258E23BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "3FB66EB9-9FE9-4B13-9E5F-E9DEDCD0E3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "88EB557F-33CD-40FE-B470-04F93CB2F3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*",
"matchCriteriaId": "76060A99-ED0C-4125-B67E-FA8E4F57AAB5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel."
}
],
"id": "CVE-2002-1108",
"lastModified": "2024-11-20T23:40:36.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5651"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10047"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-09-05 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "2BD00D0A-EB6E-41AA-851D-9DD258E23BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "3FB66EB9-9FE9-4B13-9E5F-E9DEDCD0E3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "88EB557F-33CD-40FE-B470-04F93CB2F3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "F2EEB23E-4592-49A1-BDC6-110580340AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "D548CEFE-1970-42D3-9039-196A3B5F5D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
"matchCriteriaId": "2D4BDB9B-99D8-42B7-8D57-2B57029220F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
},
{
"lang": "es",
"value": "El Cliente de Red Privada Virtual (VPN) de Cisco 3.5.4 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de CPU) mediante un paquete con una carga \u00fatil de longitud cero."
}
],
"id": "CVE-2002-0853",
"lastModified": "2024-11-20T23:40:02.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-09-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9821.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/287771"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9821.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/287771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5440"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 | |
| cisco | vpn_client | 3.1 | |
| cisco | vpn_client | 3.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks."
}
],
"id": "CVE-2002-1106",
"lastModified": "2024-11-20T23:40:36.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5652"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10045"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-01 00:30
Modified
2024-11-21 01:08
Severity ?
Summary
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 | |
| cisco | vpn_client | 3.0.5 | |
| cisco | vpn_client | 3.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1c | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.6.5 | |
| cisco | vpn_client | 4.7.00.0000 | |
| cisco | vpn_client | 4.8.00.0000 | |
| cisco | vpn_client | 4.8.00.0440 | |
| cisco | vpn_client | 4.8.1 | |
| cisco | vpn_client | 4.8.01 | |
| cisco | vpn_client | 4.8.02.0010 | |
| cisco | vpn_client | 4.9 | |
| cisco | vpn_client | 5.0.00.340 | |
| cisco | vpn_client | 5.0.01 | |
| cisco | vpn_client | 5.0.01.0600 | |
| cisco | vpn_client | 5.0.2.0090 | |
| cisco | vpn_client | 5.0.02.0090 | |
| cisco | vpn_client | 0490 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "D4BFB291-672C-437E-BBF4-B00D89C11EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*",
"matchCriteriaId": "76060A99-ED0C-4125-B67E-FA8E4F57AAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6.5:base:windows:*:*:*:*:*",
"matchCriteriaId": "1DED262D-1757-4E0A-8AB4-E76CF2E30131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.7.00.0000:*:windows:*:*:*:*:*",
"matchCriteriaId": "2039E7C3-E623-4ADC-B851-55BC33FA760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.00.0000:*:windows:*:*:*:*:*",
"matchCriteriaId": "4C3777CC-C18F-4F93-8DD4-A0A348EDA1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.00.0440:*:windows:*:*:*:*:*",
"matchCriteriaId": "CD4F8C6B-6134-4049-AA55-F229ABEC59EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "8FD6C3C5-A7D3-4208-A23C-BA7D5626FB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.01:base:windows:*:*:*:*:*",
"matchCriteriaId": "5BAD012F-35CA-4C78-9825-C7C12B99DC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.02.0010:base:windows:*:*:*:*:*",
"matchCriteriaId": "8E793DFC-403A-4077-92C0-9D2F8FB01F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.9:base:windows:*:*:*:*:*",
"matchCriteriaId": "69C15D7C-024E-460B-A7D4-B2D28A77EB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.00.340:base:windows:*:*:*:*:*",
"matchCriteriaId": "422898BF-B544-4A36-8A05-1A8FFF63EE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01:*:windows:*:*:*:*:*",
"matchCriteriaId": "C7255DB0-EB00-44E5-A9DC-D0908090E99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:base:windows:*:*:*:*:*",
"matchCriteriaId": "8263AEA7-D507-4036-AF23-B451B92F5726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF3345B2-964B-49CF-9531-69B129A57AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.02.0090:base:windows:*:*:*:*:*",
"matchCriteriaId": "02241496-C9CD-486C-B675-830B6E28A860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:0490:base:windows:*:*:*:*:*",
"matchCriteriaId": "AA0BC63F-B1FF-4ED3-A02E-6DED9CEBC14F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running."
},
{
"lang": "es",
"value": "La funci\u00f3n StartServiceCtrlDispatcher en el servicio cvpnd (cvpnd.exe) del cliente Cisco VPN para Windows versiones anteriores a 5.0.06.0100 no maneja correctamente un error ERROR_FAILED_SERVICE_CONTROLLER_CONNECT, permitiendo que usuarios locales provoquen una denegaci\u00f3n de servicio (parada del servicio y perdida de conexi\u00f3n VPN) mediante un inicio manual de cvpnd.exe mientras se est\u00e1 ejecutando el servicio cvpnd."
}
],
"id": "CVE-2009-4118",
"lastModified": "2024-11-21T01:08:58.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-01T00:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37419"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37077"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-18 00:30
Modified
2024-11-21 00:53
Severity ?
Summary
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| citrix | deterministic_network_enhancer | 2.21.7.223 | |
| citrix | deterministic_network_enhancer | 3.21.7.17464 | |
| bluecoat | winproxy | * | |
| cisco | vpn_client | * | |
| safenet | highassurance_remote | * | |
| safenet | softremote_vpn_client | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:*:*:*:*:*:*:*",
"matchCriteriaId": "10F0D8E9-67F6-4484-9BD1-A16228A41D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:*:*:*:*:*:*:*",
"matchCriteriaId": "153E29F0-3E68-4CF3-B5B3-8A63E101A650",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluecoat:winproxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5D863E-670D-4849-960B-FEEA70C95E74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "099829D2-EC37-4BEF-91B7-375478189C1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:safenet:highassurance_remote:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7212B1EF-2AD3-42DD-A6D7-DB18F3ED2923",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:safenet:softremote_vpn_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C384818-1B30-4EBA-99DE-E64008F72985",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."
},
{
"lang": "es",
"value": "dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a trav\u00e9s de una petici\u00f3n DNE_IOCTL DeviceIoControl modificada a la interfaz de dispositivo \\\\.\\DNE .\r\n\r\n"
}
],
"id": "CVE-2008-5121",
"lastModified": "2024-11-21T00:53:20.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-18T00:30:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30728"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30747"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30753"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4600"
},
{
"source": "cve@mitre.org",
"url": "http://support.citrix.com/article/CTX117751"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"source": "cve@mitre.org",
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29772"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX117751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/858993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5837"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-18 21:17
Modified
2024-11-21 00:35
Severity ?
Summary
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "12379BCF-94AA-40BA-A245-06517D982339",
"versionEndIncluding": "4.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the \"Start Before Logon\" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box."
},
{
"lang": "es",
"value": "Cisco VPN Client sobre Windows anterior a 4.8.02.0010 permite a usuarios locales obtener privilegios habilitando las opciones \"Iniciar Antes del Inicio de Sesi\u00f3n\" (Start Before Logon o SBL) y Conexi\u00f3n de Acceso Telef\u00f3nico Remoto de Microsoft (Microsoft Dial-Up Networking), y despu\u00e9s interactuando con el cuadro de di\u00e1logo de conexi\u00f3n de acceso remoto."
}
],
"id": "CVE-2007-4414",
"lastModified": "2024-11-21T00:35:32.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-18T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26459"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018573"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}