cnvd - cnvd-2015-06564

CNVD-2015-06564

Vulnerability from cnvd - Published: 2015-10-16

Title

Cisco VPN Client权限提升漏洞

Description

Cisco VPN Client是一套跨平台的客户端软件。 Cisco VPN Client未能正确分配vpnclient.ini文件权限，本地攻击者可通过向ApplicationLauncher的‘Command’字段中输入任意进程名提升权限。

Severity

高

Formal description

目前没有详细解决方案提供： http://www.cisco.com/

Reference

https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/

Impacted products

Name
Cisco VPN Client < 5.0.07.0440

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7600"
    }
  },
  "description": "Cisco VPN Client\u662f\u4e00\u5957\u8de8\u5e73\u53f0\u7684\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\nCisco VPN Client\u672a\u80fd\u6b63\u786e\u5206\u914dvpnclient.ini\u6587\u4ef6\u6743\u9650\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411ApplicationLauncher\u7684\u2018Command\u2019\u5b57\u6bb5\u4e2d\u8f93\u5165\u4efb\u610f\u8fdb\u7a0b\u540d\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.cisco.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06564",
  "openTime": "2015-10-16",
  "products": {
    "product": "Cisco VPN Client \u003c 5.0.07.0440"
  },
  "referenceLink": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/",
  "serverity": "\u9ad8",
  "submitTime": "2015-10-11",
  "title": "Cisco VPN Client\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2015-7600 (GCVE-0-2015-7600)

Vulnerability from cvelistv5 – Published: 2015-10-06 17:00 – Updated: 2024-08-06 07:51

Summary

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.nettitude.co.uk/vulnerability-discove…	x_refsource_MISC
	http://www.securitytracker.com/id/1033750	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
          },
          {
            "name": "1033750",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033750"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
        },
        {
          "name": "1033750",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033750"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/",
              "refsource": "MISC",
              "url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/"
            },
            {
              "name": "1033750",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033750"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7600",
    "datePublished": "2015-10-06T17:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:28.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-06564

CVE-2015-7600 (GCVE-0-2015-7600)

Tags

Sightings

Nomenclature