Search criteria
54 vulnerabilities found for vpn_client by cisco
FKIE_CVE-2015-7600
Vulnerability from fkie_nvd - Published: 2015-10-06 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 5.0 | |
| cisco | vpn_client | 5.0.01 | |
| cisco | vpn_client | 5.0.01.0600 | |
| cisco | vpn_client | 5.0.2 | |
| cisco | vpn_client | 5.0.02.0090 | |
| cisco | vpn_client | 5.0.2.0090 | |
| cisco | vpn_client | 5.0.03.0530 | |
| cisco | vpn_client | 5.0.03.0560 | |
| cisco | vpn_client | 5.0.04.0300 | |
| cisco | vpn_client | 5.0.5 | |
| cisco | vpn_client | 5.0.05.0290 | |
| cisco | vpn_client | 5.0.6 | |
| cisco | vpn_client | 5.0.06.0160 | |
| cisco | vpn_client | 5.0.7 | |
| cisco | vpn_client | 5.0.7.0240 | |
| cisco | vpn_client | 5.0.7.0290 | |
| cisco | vpn_client | 5.0.07.0290 | |
| cisco | vpn_client | 5.0.07.0410 | |
| cisco | vpn_client | 5.0.07.0440 | |
| cisco | vpn_client | 5.0.7.0440 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F8D296-8C41-4ACF-97A1-B046CE18C623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A241A0DC-E0C0-40FF-825F-3BFD04EF05C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "58FB3744-3107-410F-8E03-228060A95018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51BB77A8-9610-4622-855E-F41D4DE8BF98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.02.0090:*:*:*:*:*:*:*",
"matchCriteriaId": "7093F844-3939-481C-9D76-DC9812309474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3D6BB1-BDCB-46A1-A213-17CB1F46683F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0530:*:*:*:*:*:*:*",
"matchCriteriaId": "F1845EE7-185C-4537-B968-10F1E20082B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0560:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D44782-3DD1-45DA-9457-8B6D07E12B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.04.0300:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FED413-4C1E-45C2-B2CC-5C70079B00F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA1A681-3063-4894-BA84-846CFCE35D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.05.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC5508A-92AC-437A-A55E-2A864A757BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7072DB27-CFE9-4D5D-A912-608A719E72CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.06.0160:*:*:*:*:*:*:*",
"matchCriteriaId": "54DE7A64-BF7C-4062-9315-18AD3D5F6FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "34B077DB-FBD7-4B15-B682-5A8912A07727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0240:*:*:*:*:*:*:*",
"matchCriteriaId": "15B23F91-9BA0-4C07-ACAC-315C846F2754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "B348A7D4-6753-4464-B1B8-1B94E09F65B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "465D80AD-7622-440F-BFF5-C94C62A3E905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0410:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8659A2-717E-4D8B-8877-B0FACF39C599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0440:*:*:*:*:*:*:*",
"matchCriteriaId": "32B0C059-A4A1-4F31-B561-F1611814004C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0440:*:*:*:*:*:*:*",
"matchCriteriaId": "288C2815-C809-423E-AB62-BBE19F692F6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
},
{
"lang": "es",
"value": "Cisco VPN Client 5.x hasta la versi\u00f3n 5.0.07.0440 utiliza permisos d\u00e9biles para vpnclient.ini, lo que permite a usuarios locales obtener privilegios mediante la entrada de un nombre de programa arbitrario en el campo Command de la secci\u00f3n ApplicationLauncher."
}
],
"id": "CVE-2015-7600",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-06T17:59:27.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033750"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5429
Vulnerability from fkie_nvd - Published: 2013-01-17 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | * | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "099829D2-EC37-4BEF-91B7-375478189C1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669."
},
{
"lang": "es",
"value": "El controlador de VPN en Cisco VPN Client en Windows no trata interactua correctamente con el n\u00facleo, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (fallo del n\u00facleo y ca\u00edda del sistema) a trav\u00e9s de una aplicaci\u00f3n hecha a mano. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCuc81669."
}
],
"id": "CVE-2012-5429",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-17T21:55:00.887",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3052
Vulnerability from fkie_nvd - Published: 2012-09-16 10:34 - Updated: 2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 5.0 | |
| cisco | vpn_client | 5.0.01 | |
| cisco | vpn_client | 5.0.01.0600 | |
| cisco | vpn_client | 5.0.2 | |
| cisco | vpn_client | 5.0.02.0090 | |
| cisco | vpn_client | 5.0.2.0090 | |
| cisco | vpn_client | 5.0.03.0530 | |
| cisco | vpn_client | 5.0.03.0560 | |
| cisco | vpn_client | 5.0.04.0300 | |
| cisco | vpn_client | 5.0.5 | |
| cisco | vpn_client | 5.0.05.0290 | |
| cisco | vpn_client | 5.0.6 | |
| cisco | vpn_client | 5.0.06.0160 | |
| cisco | vpn_client | 5.0.7 | |
| cisco | vpn_client | 5.0.07.0290 | |
| cisco | vpn_client | 5.0.07.0410 | |
| cisco | vpn_client | 5.0.07.0440 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F8D296-8C41-4ACF-97A1-B046CE18C623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "A241A0DC-E0C0-40FF-825F-3BFD04EF05C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "58FB3744-3107-410F-8E03-228060A95018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51BB77A8-9610-4622-855E-F41D4DE8BF98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.02.0090:*:*:*:*:*:*:*",
"matchCriteriaId": "7093F844-3939-481C-9D76-DC9812309474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3D6BB1-BDCB-46A1-A213-17CB1F46683F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0530:*:*:*:*:*:*:*",
"matchCriteriaId": "F1845EE7-185C-4537-B968-10F1E20082B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0560:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D44782-3DD1-45DA-9457-8B6D07E12B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.04.0300:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FED413-4C1E-45C2-B2CC-5C70079B00F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA1A681-3063-4894-BA84-846CFCE35D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.05.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC5508A-92AC-437A-A55E-2A864A757BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7072DB27-CFE9-4D5D-A912-608A719E72CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.06.0160:*:*:*:*:*:*:*",
"matchCriteriaId": "54DE7A64-BF7C-4062-9315-18AD3D5F6FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "34B077DB-FBD7-4B15-B682-5A8912A07727",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "465D80AD-7622-440F-BFF5-C94C62A3E905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0410:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8659A2-717E-4D8B-8877-B0FACF39C599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0440:*:*:*:*:*:*:*",
"matchCriteriaId": "32B0C059-A4A1-4F31-B561-F1611814004C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747."
},
{
"lang": "es",
"value": "Vulnerabilidad de path de b\u00fasqueda no confiable en Cisco VPN Client v5.0 permite a usuarios locales obtener privilegios a trav\u00e9s de un fichero .dll troyanizado en el directorio de trabajo actual tambi\u00e9n conocido como Bug ID CSCua28747."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2012-3052",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-16T10:34:50.457",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-2678
Vulnerability from fkie_nvd - Published: 2011-07-07 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 5.0.7.0240 | |
| cisco | vpn_client | 5.0.7.0290 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0240:*:*:*:*:*:*:*",
"matchCriteriaId": "15B23F91-9BA0-4C07-ACAC-315C846F2754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0290:*:*:*:*:*:*:*",
"matchCriteriaId": "B348A7D4-6753-4464-B1B8-1B94E09F65B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."
},
{
"lang": "es",
"value": "El cliente VPN de Cisco v5.0.7.0240 y v5.0.7.0290 en plataformas de 64 bits de Windows utiliza permisos d\u00e9biles (NT AUTHORITY\\ INTERACTIVE:F) para cvpnd.exe, lo que permite a usuarios locales obtener privilegios mediante la sustituci\u00f3n de este archivo ejecutable por un programa de su elecci\u00f3n. Problema tambien conocido como, Bug ID CSCtn50645. NOTA: esta vulnerabilidad existe debido a una regresi\u00f3n de CVE-2007-4415."
}
],
"id": "CVE-2011-2678",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-07-07T19:55:03.210",
"references": [
{
"source": "cve@mitre.org",
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8297"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4118
Vulnerability from fkie_nvd - Published: 2009-12-01 00:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 | |
| cisco | vpn_client | 3.0.5 | |
| cisco | vpn_client | 3.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1c | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 3.6.5 | |
| cisco | vpn_client | 4.7.00.0000 | |
| cisco | vpn_client | 4.8.00.0000 | |
| cisco | vpn_client | 4.8.00.0440 | |
| cisco | vpn_client | 4.8.1 | |
| cisco | vpn_client | 4.8.01 | |
| cisco | vpn_client | 4.8.02.0010 | |
| cisco | vpn_client | 4.9 | |
| cisco | vpn_client | 5.0.00.340 | |
| cisco | vpn_client | 5.0.01 | |
| cisco | vpn_client | 5.0.01.0600 | |
| cisco | vpn_client | 5.0.2.0090 | |
| cisco | vpn_client | 5.0.02.0090 | |
| cisco | vpn_client | 0490 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "D4BFB291-672C-437E-BBF4-B00D89C11EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*",
"matchCriteriaId": "76060A99-ED0C-4125-B67E-FA8E4F57AAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6.5:base:windows:*:*:*:*:*",
"matchCriteriaId": "1DED262D-1757-4E0A-8AB4-E76CF2E30131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.7.00.0000:*:windows:*:*:*:*:*",
"matchCriteriaId": "2039E7C3-E623-4ADC-B851-55BC33FA760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.00.0000:*:windows:*:*:*:*:*",
"matchCriteriaId": "4C3777CC-C18F-4F93-8DD4-A0A348EDA1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.00.0440:*:windows:*:*:*:*:*",
"matchCriteriaId": "CD4F8C6B-6134-4049-AA55-F229ABEC59EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "8FD6C3C5-A7D3-4208-A23C-BA7D5626FB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.01:base:windows:*:*:*:*:*",
"matchCriteriaId": "5BAD012F-35CA-4C78-9825-C7C12B99DC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.02.0010:base:windows:*:*:*:*:*",
"matchCriteriaId": "8E793DFC-403A-4077-92C0-9D2F8FB01F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.9:base:windows:*:*:*:*:*",
"matchCriteriaId": "69C15D7C-024E-460B-A7D4-B2D28A77EB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.00.340:base:windows:*:*:*:*:*",
"matchCriteriaId": "422898BF-B544-4A36-8A05-1A8FFF63EE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01:*:windows:*:*:*:*:*",
"matchCriteriaId": "C7255DB0-EB00-44E5-A9DC-D0908090E99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:base:windows:*:*:*:*:*",
"matchCriteriaId": "8263AEA7-D507-4036-AF23-B451B92F5726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF3345B2-964B-49CF-9531-69B129A57AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.02.0090:base:windows:*:*:*:*:*",
"matchCriteriaId": "02241496-C9CD-486C-B675-830B6E28A860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:0490:base:windows:*:*:*:*:*",
"matchCriteriaId": "AA0BC63F-B1FF-4ED3-A02E-6DED9CEBC14F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running."
},
{
"lang": "es",
"value": "La funci\u00f3n StartServiceCtrlDispatcher en el servicio cvpnd (cvpnd.exe) del cliente Cisco VPN para Windows versiones anteriores a 5.0.06.0100 no maneja correctamente un error ERROR_FAILED_SERVICE_CONTROLLER_CONNECT, permitiendo que usuarios locales provoquen una denegaci\u00f3n de servicio (parada del servicio y perdida de conexi\u00f3n VPN) mediante un inicio manual de cvpnd.exe mientras se est\u00e1 ejecutando el servicio cvpnd."
}
],
"id": "CVE-2009-4118",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-01T00:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37419"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37077"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0324
Vulnerability from fkie_nvd - Published: 2008-01-17 03:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 5.0.2.0090 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:windows:*:*:*:*:*",
"matchCriteriaId": "DF3345B2-964B-49CF-9531-69B129A57AF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption."
},
{
"lang": "es",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda) llamando as IOCTL 0x80002038 con valor de tama\u00f1o peque\u00f1o, lo cual provoca una corrupci\u00f3n de memoria."
}
],
"id": "CVE-2008-0324",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-17T03:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28472"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27289"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019240"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/27289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4911"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4414
Vulnerability from fkie_nvd - Published: 2007-08-18 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "12379BCF-94AA-40BA-A245-06517D982339",
"versionEndIncluding": "4.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the \"Start Before Logon\" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box."
},
{
"lang": "es",
"value": "Cisco VPN Client sobre Windows anterior a 4.8.02.0010 permite a usuarios locales obtener privilegios habilitando las opciones \"Iniciar Antes del Inicio de Sesi\u00f3n\" (Start Before Logon o SBL) y Conexi\u00f3n de Acceso Telef\u00f3nico Remoto de Microsoft (Microsoft Dial-Up Networking), y despu\u00e9s interactuando con el cuadro de di\u00e1logo de conexi\u00f3n de acceso remoto."
}
],
"id": "CVE-2007-4414",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-18T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26459"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018573"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4415
Vulnerability from fkie_nvd - Published: 2007-08-18 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | * | |
| cisco | vpn_client | 5.0.01.0600 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:windows:*:*:*:*:*",
"matchCriteriaId": "17848271-64A7-4807-B1FB-01A66E91E8CB",
"versionEndIncluding": "5.0.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:*",
"matchCriteriaId": "58FB3744-3107-410F-8E03-228060A95018",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe."
},
{
"lang": "es",
"value": "Cisco VPN Client sobre Windows anterior a 5.0.01.0600, y la versi\u00f3n 5.0.01.0600 InstallShield (IS), utiliza permisos d\u00e9biles para cvpnd.exe (modificando los privilegios en Interactive Users), lo cual permite a usuarios locales ganar privilegios a trav\u00e9s de un cvpnd.exe modificado."
}
],
"id": "CVE-2007-4415",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-18T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26459"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3023"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1467
Vulnerability from fkie_nvd - Published: 2007-03-16 21:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:acs_solution_engine:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2053FEE9-7DE5-4C5E-B2C1-5652301DBFFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:acs_solution_engine:4.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "3436B987-134F-47FD-94A9-B22E1D6E1F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A687E771-9653-4FB6-888C-C6D7874E8F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ip_communicator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2590B4-F61E-4ED9-B4B2-45227CDF8E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:meetingplace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41EEA208-7F2E-4E01-8C8C-29009161E6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_device_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42E7C476-E8CE-4CD4-9ED2-926B4BA6EDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713CDBB9-F841-455A-B173-7B239DF087D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_meetingplace_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8932A12B-BDAD-4078-92C3-720CE4E204CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_personal_communicator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC0A911-917D-426B-84D3-05BEAEE9C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_video_advantage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1BDD7B4-CD06-44D9-855B-30FFE673014E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_videoconferencing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B50D62D1-83D3-4347-A979-503294EC4B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_videoconferencing_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19065178-BD77-4ED5-AE31-9904E348B2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "2BD00D0A-EB6E-41AA-851D-9DD258E23BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "88EB557F-33CD-40FE-B470-04F93CB2F3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "F2EEB23E-4592-49A1-BDC6-110580340AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "D548CEFE-1970-42D3-9039-196A3B5F5D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:solaris:*:*:*:*:*",
"matchCriteriaId": "2D4BDB9B-99D8-42B7-8D57-2B57029220F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:linux:*:*:*:*:*",
"matchCriteriaId": "B2F5C5E1-59A5-4402-BF6A-DDD05F8F07F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "269EE54C-B6C7-4F3E-B4ED-12CF9F277569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2b:*:solaris:*:*:*:*:*",
"matchCriteriaId": "12A573DB-1D58-4A78-85C6-B2A3B09F34B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:linux:*:*:*:*:*",
"matchCriteriaId": "DEB505B7-54A0-4A53-81FC-9E6635A50BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "1728BA7D-0124-4E7B-9D0A-549DB87F3732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.4:*:solaris:*:*:*:*:*",
"matchCriteriaId": "DD1D17D3-F56E-47FC-90F9-54AC4446CB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:linux:*:*:*:*:*",
"matchCriteriaId": "9A9F7CE9-771E-4F0C-B4DD-B9517F70BBCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "0C7B2037-406B-4A18-9B5D-D3F206C58AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6:*:solaris:*:*:*:*:*",
"matchCriteriaId": "08A9E927-1092-4F6A-A099-DB80EA060F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "872A3F31-1008-416A-9881-803E7DF11B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "50FB297D-5289-46D1-82C2-E83C3020895C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.6.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "D88E0D0C-03EF-4528-93C9-97B39342CA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2a:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "4C111372-50F2-4F3E-8DFE-1EB5509B489C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2a:*:solaris:*:*:*:*:*",
"matchCriteriaId": "B19317CB-C159-4BEF-B8F8-A919E8DF6783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2c:*:mac_os_x:*:*:*:*:*",
"matchCriteriaId": "B7C7C00F-72E3-41E1-A763-0209AF639053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.0.2c:*:solaris:*:*:*:*:*",
"matchCriteriaId": "B205CD80-4469-4DA9-B0E1-73C2B83E33D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "8FD6C3C5-A7D3-4208-A23C-BA7D5626FB92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFD455A-7E41-4C95-A1E9-1A4867DA4F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_controllers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88AB3CC-4F0E-4A82-B4F0-13EDA4948BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wireless_lan_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDEE04C-0231-42F7-9736-EB3B7A020E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DE5E22-DF93-46BE-85A3-D4E04379E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD82BCCE-F68A-48A5-B484-98D9C3024E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wireless_control_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF3680D-50CB-4854-84B8-34129DDB2A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1) PreSearch.html y (2) PreSearch.class en Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks y productos relacionados, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), y Wireless Control System (WCS) permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de campos de texto de un formulario de b\u00fasqueda."
}
],
"id": "CVE-2007-1467",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-16T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24499"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2437"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22982"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017778"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0973"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-2679
Vulnerability from fkie_nvd - Published: 2006-05-31 10:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_client | 2.0 | |
| cisco | vpn_client | 3.0 | |
| cisco | vpn_client | 3.0.5 | |
| cisco | vpn_client | 3.1 | |
| cisco | vpn_client | 3.5.1 | |
| cisco | vpn_client | 3.5.1c | |
| cisco | vpn_client | 3.5.2 | |
| cisco | vpn_client | 4.7.00.0000 | |
| cisco | vpn_client | 4.8.00.0000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "D4BFB291-672C-437E-BBF4-B00D89C11EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*",
"matchCriteriaId": "76060A99-ED0C-4125-B67E-FA8E4F57AAB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*",
"matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.7.00.0000:*:windows:*:*:*:*:*",
"matchCriteriaId": "2039E7C3-E623-4ADC-B851-55BC33FA760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.00.0000:*:windows:*:*:*:*:*",
"matchCriteriaId": "4C3777CC-C18F-4F93-8DD4-A0A348EDA1D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."
}
],
"id": "CVE-2006-2679",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-31T10:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20261"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25888"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18094"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-7600 (GCVE-0-2015-7600)
Vulnerability from cvelistv5 – Published: 2015-10-06 17:00 – Updated: 2024-08-06 07:51
VLAI?
Summary
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/",
"refsource": "MISC",
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7600",
"datePublished": "2015-10-06T17:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5429 (GCVE-0-2012-5429)
Vulnerability from cvelistv5 – Published: 2013-01-17 21:00 – Updated: 2024-09-17 03:03
VLAI?
Summary
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-17T21:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-5429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-5429",
"datePublished": "2013-01-17T21:00:00Z",
"dateReserved": "2012-10-17T00:00:00Z",
"dateUpdated": "2024-09-17T03:03:37.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3052 (GCVE-0-2012-3052)
Vulnerability from cvelistv5 – Published: 2012-09-16 10:00 – Updated: 2024-09-17 02:16
VLAI?
Summary
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-16T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-3052",
"datePublished": "2012-09-16T10:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-17T02:16:36.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2678 (GCVE-0-2011-2678)
Vulnerability from cvelistv5 – Published: 2011-07-07 19:00 – Updated: 2024-08-06 23:08
VLAI?
Summary
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"name": "http://isc.sans.edu/diary.html?storyid=11125",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2678",
"datePublished": "2011-07-07T19:00:00",
"dateReserved": "2011-07-07T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4118 (GCVE-0-2009-4118)
Vulnerability from cvelistv5 – Published: 2009-12-01 00:00 – Updated: 2024-09-16 16:13
VLAI?
Summary
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-01T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37419"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4118",
"datePublished": "2009-12-01T00:00:00Z",
"dateReserved": "2009-11-30T00:00:00Z",
"dateUpdated": "2024-09-16T16:13:26.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0324 (GCVE-0-2008-0324)
Vulnerability from cvelistv5 – Published: 2008-01-17 02:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0324",
"datePublished": "2008-01-17T02:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4415 (GCVE-0-2007-4415)
Vulnerability from cvelistv5 – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4415",
"datePublished": "2007-08-18T21:00:00",
"dateReserved": "2007-08-18T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4414 (GCVE-0-2007-4414)
Vulnerability from cvelistv5 – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the \"Start Before Logon\" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018573"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the \"Start Before Logon\" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018573"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4414",
"datePublished": "2007-08-18T21:00:00",
"dateReserved": "2007-08-18T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1467 (GCVE-0-2007-1467)
Vulnerability from cvelistv5 – Published: 2007-03-16 21:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1467",
"datePublished": "2007-03-16T21:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2679 (GCVE-0-2006-2679)
Vulnerability from cvelistv5 – Published: 2006-05-31 10:00 – Updated: 2024-08-07 17:58
VLAI?
Summary
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016156",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016156",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016156",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2679",
"datePublished": "2006-05-31T10:00:00",
"dateReserved": "2006-05-30T00:00:00",
"dateUpdated": "2024-08-07T17:58:51.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7600 (GCVE-0-2015-7600)
Vulnerability from nvd – Published: 2015-10-06 17:00 – Updated: 2024-08-06 07:51
VLAI?
Summary
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/",
"refsource": "MISC",
"url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
},
{
"name": "1033750",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7600",
"datePublished": "2015-10-06T17:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5429 (GCVE-0-2012-5429)
Vulnerability from nvd – Published: 2013-01-17 21:00 – Updated: 2024-09-17 03:03
VLAI?
Summary
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-17T21:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-5429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130112 Cisco VPN Client Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-5429",
"datePublished": "2013-01-17T21:00:00Z",
"dateReserved": "2012-10-17T00:00:00Z",
"dateUpdated": "2024-09-17T03:03:37.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3052 (GCVE-0-2012-3052)
Vulnerability from nvd – Published: 2012-09-16 10:00 – Updated: 2024-09-17 02:16
VLAI?
Summary
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-16T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-3052",
"datePublished": "2012-09-16T10:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-17T02:16:36.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2678 (GCVE-0-2011-2678)
Vulnerability from nvd – Published: 2011-07-07 19:00 – Updated: 2024-08-06 23:08
VLAI?
Summary
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"
},
{
"name": "http://isc.sans.edu/diary.html?storyid=11125",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary.html?storyid=11125"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "8297",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8297"
},
{
"name": "cisco-vpn-cvpnd-priv-esc(68485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-2678",
"datePublished": "2011-07-07T19:00:00",
"dateReserved": "2011-07-07T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4118 (GCVE-0-2009-4118)
Vulnerability from nvd – Published: 2009-12-01 00:00 – Updated: 2024-09-16 16:13
VLAI?
Summary
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-01T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37419"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt"
},
{
"name": "ADV-2009-3296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3296"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19445"
},
{
"name": "37077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4118",
"datePublished": "2009-12-01T00:00:00Z",
"dateReserved": "2009-11-30T00:00:00Z",
"dateUpdated": "2024-09-16T16:13:26.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0324 (GCVE-0-2008-0324)
Vulnerability from nvd – Published: 2008-01-17 02:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-vpnclient-cvpndrva-dos(39694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39694"
},
{
"name": "ADV-2008-0170",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0170"
},
{
"name": "1019240",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019240"
},
{
"name": "28472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28472"
},
{
"name": "4911",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4911"
},
{
"name": "27289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0324",
"datePublished": "2008-01-17T02:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4415 (GCVE-0-2007-4415)
Vulnerability from nvd – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070816 Local privilege escalation vulnerability in Cisco VPN client",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476812/100/0/threaded"
},
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "3023",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3023"
},
{
"name": "26459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "1018573",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018573"
},
{
"name": "cisco-vpn-cvpnd-privilege-escalation(36032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4415",
"datePublished": "2007-08-18T21:00:00",
"dateReserved": "2007-08-18T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4414 (GCVE-0-2007-4414)
Vulnerability from nvd – Published: 2007-08-18 21:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the \"Start Before Logon\" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018573"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the \"Start Before Logon\" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"
},
{
"name": "ADV-2007-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2903"
},
{
"name": "26459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26459"
},
{
"name": "25332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25332"
},
{
"name": "cisco-vpn-dialup-privilege-escalation(36029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36029"
},
{
"name": "1018573",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018573"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4414",
"datePublished": "2007-08-18T21:00:00",
"dateReserved": "2007-08-18T00:00:00",
"dateUpdated": "2024-08-07T14:53:55.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1467 (GCVE-0-2007-1467)
Vulnerability from nvd – Published: 2007-03-16 21:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070315 XSS vulnerability in the online help system of several Cisco products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462932/100/0/threaded"
},
{
"name": "20070315 Cross-Site Scripting Vulnerability in Online Help System",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html"
},
{
"name": "2437",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2437"
},
{
"name": "24499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24499"
},
{
"name": "cisco-presearch-xss(33024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33024"
},
{
"name": "1017778",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017778"
},
{
"name": "20070315 Re: XSS vulnerability in the online help system of several Cisco products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462944/100/0/threaded"
},
{
"name": "22982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22982"
},
{
"name": "ADV-2007-0973",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1467",
"datePublished": "2007-03-16T21:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2679 (GCVE-0-2006-2679)
Vulnerability from nvd – Published: 2006-05-31 10:00 – Updated: 2024-08-07 17:58
VLAI?
Summary
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:58:51.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016156",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016156",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016156",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016156"
},
{
"name": "ADV-2006-1964",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1964"
},
{
"name": "cisco-winvpn-privilege-escalation(26632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632"
},
{
"name": "25888",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25888"
},
{
"name": "20060524 Windows VPN Client Local Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml"
},
{
"name": "20261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20261"
},
{
"name": "18094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2679",
"datePublished": "2006-05-31T10:00:00",
"dateReserved": "2006-05-30T00:00:00",
"dateUpdated": "2024-08-07T17:58:51.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}