CVE-2008-5121 (GCVE-0-2008-5121)

Vulnerability from cvelistv5 – Published: 2008-11-18 00:00 – Updated: 2024-08-07 10:40
VLAI?
Summary
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.kb.cert.org/vuls/id/858993 third-party-advisoryx_refsource_CERT-VN
http://www.vupen.com/english/advisories/2008/1867 vdb-entryx_refsource_VUPEN
https://www.exploit-db.com/exploits/5837 exploitx_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2008/1868 vdb-entryx_refsource_VUPEN
http://www.digit-labs.org/files/exploits/dne2000-call.c x_refsource_MISC
http://secunia.com/advisories/30728 third-party-advisoryx_refsource_SECUNIA
http://support.citrix.com/article/CTX117751 x_refsource_CONFIRM
http://www.securityfocus.com/bid/29772 vdb-entryx_refsource_BID
http://securityreason.com/securityalert/4600 third-party-advisoryx_refsource_SREASON
http://www.vupen.com/english/advisories/2008/1865 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/30753 third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2008/1866 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/30744 third-party-advisoryx_refsource_SECUNIA
http://tools.cisco.com/Support/BugToolKit/search/… x_refsource_MISC
http://secunia.com/advisories/30747 third-party-advisoryx_refsource_SECUNIA
Date Public ?
2008-06-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:17.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#858993",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/858993"
          },
          {
            "name": "ADV-2008-1867",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1867"
          },
          {
            "name": "5837",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5837"
          },
          {
            "name": "ADV-2008-1868",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1868"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
          },
          {
            "name": "30728",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30728"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX117751"
          },
          {
            "name": "29772",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29772"
          },
          {
            "name": "4600",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4600"
          },
          {
            "name": "ADV-2008-1865",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1865"
          },
          {
            "name": "30753",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30753"
          },
          {
            "name": "multiple-vendors-dne2000-priv-escalation(43153)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
          },
          {
            "name": "ADV-2008-1866",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1866"
          },
          {
            "name": "30744",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30744"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
          },
          {
            "name": "30747",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30747"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#858993",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/858993"
        },
        {
          "name": "ADV-2008-1867",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1867"
        },
        {
          "name": "5837",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5837"
        },
        {
          "name": "ADV-2008-1868",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1868"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
        },
        {
          "name": "30728",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30728"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX117751"
        },
        {
          "name": "29772",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29772"
        },
        {
          "name": "4600",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4600"
        },
        {
          "name": "ADV-2008-1865",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1865"
        },
        {
          "name": "30753",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30753"
        },
        {
          "name": "multiple-vendors-dne2000-priv-escalation(43153)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
        },
        {
          "name": "ADV-2008-1866",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1866"
        },
        {
          "name": "30744",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30744"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
        },
        {
          "name": "30747",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30747"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5121",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#858993",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/858993"
            },
            {
              "name": "ADV-2008-1867",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1867"
            },
            {
              "name": "5837",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5837"
            },
            {
              "name": "ADV-2008-1868",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1868"
            },
            {
              "name": "http://www.digit-labs.org/files/exploits/dne2000-call.c",
              "refsource": "MISC",
              "url": "http://www.digit-labs.org/files/exploits/dne2000-call.c"
            },
            {
              "name": "30728",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30728"
            },
            {
              "name": "http://support.citrix.com/article/CTX117751",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX117751"
            },
            {
              "name": "29772",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29772"
            },
            {
              "name": "4600",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4600"
            },
            {
              "name": "ADV-2008-1865",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1865"
            },
            {
              "name": "30753",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30753"
            },
            {
              "name": "multiple-vendors-dne2000-priv-escalation(43153)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153"
            },
            {
              "name": "ADV-2008-1866",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1866"
            },
            {
              "name": "30744",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30744"
            },
            {
              "name": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860",
              "refsource": "MISC",
              "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860"
            },
            {
              "name": "30747",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30747"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5121",
    "datePublished": "2008-11-18T00:00:00.000Z",
    "dateReserved": "2008-11-17T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:40:17.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-5121",
      "date": "2026-04-26",
      "epss": "0.0035",
      "percentile": "0.57499"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F0D8E9-67F6-4484-9BD1-A16228A41D0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"153E29F0-3E68-4CF3-B5B3-8A63E101A650\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:bluecoat:winproxy:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC5D863E-670D-4849-960B-FEEA70C95E74\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"099829D2-EC37-4BEF-91B7-375478189C1B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:safenet:highassurance_remote:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7212B1EF-2AD3-42DD-A6D7-DB18F3ED2923\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:safenet:softremote_vpn_client:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C384818-1B30-4EBA-99DE-E64008F72985\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\\\\\.\\\\DNE device interface.\"}, {\"lang\": \"es\", \"value\": \"dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a trav\\u00e9s de una petici\\u00f3n DNE_IOCTL DeviceIoControl modificada a la interfaz  de dispositivo \\\\\\\\.\\\\DNE .\\r\\n\\r\\n\"}]",
      "id": "CVE-2008-5121",
      "lastModified": "2024-11-21T00:53:20.093",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-11-18T00:30:00.517",
      "references": "[{\"url\": \"http://secunia.com/advisories/30728\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30744\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30747\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30753\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/4600\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.citrix.com/article/CTX117751\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.digit-labs.org/files/exploits/dne2000-call.c\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/858993\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/29772\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1865\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1866\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1867\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1868\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43153\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/5837\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30728\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30744\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30747\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30753\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/4600\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.citrix.com/article/CTX117751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.digit-labs.org/files/exploits/dne2000-call.c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/858993\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/29772\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1865\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1866\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1867\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1868\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/43153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/5837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5121\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-11-18T00:30:00.517\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\\\\\.\\\\DNE device interface.\"},{\"lang\":\"es\",\"value\":\"dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a trav\u00e9s de una petici\u00f3n DNE_IOCTL DeviceIoControl modificada a la interfaz  de dispositivo \\\\\\\\.\\\\DNE .\\r\\n\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F0D8E9-67F6-4484-9BD1-A16228A41D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"153E29F0-3E68-4CF3-B5B3-8A63E101A650\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:bluecoat:winproxy:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC5D863E-670D-4849-960B-FEEA70C95E74\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"099829D2-EC37-4BEF-91B7-375478189C1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:safenet:highassurance_remote:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7212B1EF-2AD3-42DD-A6D7-DB18F3ED2923\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:safenet:softremote_vpn_client:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C384818-1B30-4EBA-99DE-E64008F72985\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/30728\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30744\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30747\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30753\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/4600\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.citrix.com/article/CTX117751\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.digit-labs.org/files/exploits/dne2000-call.c\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/858993\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/29772\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1865\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1866\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1867\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1868\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43153\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/5837\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30747\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.citrix.com/article/CTX117751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails\u0026bugId=CSCsm25860\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.digit-labs.org/files/exploits/dne2000-call.c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/858993\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/29772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1866\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1867\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/5837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.