cvelistv5 - cve-2006-5808

CVE-2006-5808 (GCVE-0-2006-5808)

Vulnerability from cvelistv5 – Published: 2006-11-08 22:00 – Updated: 2024-08-07 20:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1017195	vdb-entryx_refsource_SECTRACK
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://secunia.com/advisories/22747	third-party-advisoryx_refsource_SECUNIA
	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://www.vupen.com/english/advisories/2006/4409	vdb-entryx_refsource_VUPEN
	http://www.osvdb.org/30308	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/20964	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:55.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-csd-permissions-code-execution(30128)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
          },
          {
            "name": "1017195",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017195"
          },
          {
            "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
          },
          {
            "name": "22747",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22747"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
          },
          {
            "name": "ADV-2006-4409",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4409"
          },
          {
            "name": "30308",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30308"
          },
          {
            "name": "20964",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20964"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cisco-csd-permissions-code-execution(30128)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
        },
        {
          "name": "1017195",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017195"
        },
        {
          "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
        },
        {
          "name": "22747",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22747"
        },
        {
          "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
        },
        {
          "name": "ADV-2006-4409",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4409"
        },
        {
          "name": "30308",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30308"
        },
        {
          "name": "20964",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20964"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5808",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-csd-permissions-code-execution(30128)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
            },
            {
              "name": "1017195",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017195"
            },
            {
              "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
            },
            {
              "name": "22747",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22747"
            },
            {
              "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
            },
            {
              "name": "ADV-2006-4409",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4409"
            },
            {
              "name": "30308",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/30308"
            },
            {
              "name": "20964",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20964"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5808",
    "datePublished": "2006-11-08T22:00:00",
    "dateReserved": "2006-11-08T00:00:00",
    "dateUpdated": "2024-08-07T20:04:55.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.1.1.33\", \"matchCriteriaId\": \"3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59D841B0-3D1B-4F1C-87F1-D0355955E49C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \\\"Local Privilege Escalation\\\".\"}, {\"lang\": \"es\", \"value\": \"La instalaci\\u00f3n del Cisco Secure Desktop (CSD) en versiones anteriores a la 3.1.1.45 utiliza permisos inseguros por defecto (todos los usuarios control total) para el directorio CSD y su directorio padre, que permite a usuarios locales conseguir privilegios mediante la sustituci\\u00f3n de ejecutables del CSD, tambi\\u00e9n conocido como \\\"Local Privilege Escalation\\\".\"}]",
      "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Cisco Secure Desktop, 3.1.1.45",
      "id": "CVE-2006-5808",
      "lastModified": "2024-11-21T00:20:38.277",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-11-08T22:07:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/22747\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017195\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/30308\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20964\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4409\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/30128\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/22747\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017195\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.osvdb.org/30308\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20964\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4409\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/30128\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5808\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-11-08T22:07:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \\\"Local Privilege Escalation\\\".\"},{\"lang\":\"es\",\"value\":\"La instalaci\u00f3n del Cisco Secure Desktop (CSD) en versiones anteriores a la 3.1.1.45 utiliza permisos inseguros por defecto (todos los usuarios control total) para el directorio CSD y su directorio padre, que permite a usuarios locales conseguir privilegios mediante la sustituci\u00f3n de ejecutables del CSD, tambi\u00e9n conocido como \\\"Local Privilege Escalation\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.1.1.33\",\"matchCriteriaId\":\"3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59D841B0-3D1B-4F1C-87F1-D0355955E49C\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22747\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017195\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/30308\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20964\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4409\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30128\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22747\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.osvdb.org/30308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/4409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"This vulnerability is addressed in the following product release:\\r\\nCisco, Cisco Secure Desktop, 3.1.1.45\"}}"
  }
}

FKIE_CVE-2006-5808

Vulnerability from fkie_nvd - Published: 2006-11-08 22:07 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22747
cve@mitre.org	http://securitytracker.com/id?1017195
cve@mitre.org	http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml	Patch
cve@mitre.org	http://www.osvdb.org/30308
cve@mitre.org	http://www.securityfocus.com/bid/20964
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4409
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30128
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22747
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017195
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/30308
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20964
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4409
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30128

Impacted products

	Vendor	Product	Version
	cisco	secure_desktop	*
	cisco	secure_desktop	3.1.1.27

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B",
              "versionEndIncluding": "3.1.1.33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."
    },
    {
      "lang": "es",
      "value": "La instalaci\u00f3n del Cisco Secure Desktop (CSD) en versiones anteriores a la 3.1.1.45 utiliza permisos inseguros por defecto (todos los usuarios control total) para el directorio CSD y su directorio padre, que permite a usuarios locales conseguir privilegios mediante la sustituci\u00f3n de ejecutables del CSD, tambi\u00e9n conocido como \"Local Privilege Escalation\"."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Cisco Secure Desktop, 3.1.1.45",
  "id": "CVE-2006-5808",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-08T22:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22747"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017195"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/30308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20964"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4409"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/30308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-5808

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-5808

Aliases

CVE-2006-5808

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5808",
    "description": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\".",
    "id": "GSD-2006-5808"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5808"
      ],
      "details": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\".",
      "id": "GSD-2006-5808",
      "modified": "2023-12-13T01:19:56.373595Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-5808",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "cisco-csd-permissions-code-execution(30128)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
          },
          {
            "name": "1017195",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017195"
          },
          {
            "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
          },
          {
            "name": "22747",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22747"
          },
          {
            "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
          },
          {
            "name": "ADV-2006-4409",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4409"
          },
          {
            "name": "30308",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/30308"
          },
          {
            "name": "20964",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20964"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1.1.33",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5808"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
            },
            {
              "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
            },
            {
              "name": "20964",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/20964"
            },
            {
              "name": "1017195",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017195"
            },
            {
              "name": "22747",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22747"
            },
            {
              "name": "30308",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/30308"
            },
            {
              "name": "ADV-2006-4409",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4409"
            },
            {
              "name": "cisco-csd-permissions-code-execution(30128)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:33Z",
      "publishedDate": "2006-11-08T22:07Z"
    }
  }
}

GHSA-JW4C-MQG6-7WCM

Vulnerability from github – Published: 2022-05-01 07:31 – Updated: 2022-05-01 07:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5808"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-11-08T22:07:00Z",
    "severity": "MODERATE"
  },
  "details": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\".",
  "id": "GHSA-jw4c-mqg6-7wcm",
  "modified": "2022-05-01T07:31:57Z",
  "published": "2022-05-01T07:31:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5808"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22747"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017195"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/30308"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20964"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4409"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200611-0225

Vulnerability from variot - Updated: 2023-12-18 13:25

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". Cisco Secure Desktop is susceptible to multiple vulnerabilities. These issues are due to design flaws in the application. Exploiting these issues allows local attackers to evade application security policies, to access sensitive information, and to gain local system privileges on affected computers. These vulnerabilities affect Cisco Secure Desktop version 3.1.1.33 and prior. Cisco Secure Desktop (CSD) uses encryption to reduce the risk of cookies, browser history, temporary files, and downloads being left on the system after a remote user logs off or an SSL VPN session times out. Unprivileged users can exploit this vulnerability to elevate their privileges and obtain localsystem-equivalent privileges by replacing certain CSD executables that run as system services with LocalSystem privileges. Note that some other Cisco products install their files into the \%SystemDrive\%\Program Files\Cisco Systems\ directory. So a side effect of this vulnerability in CSD is that if other products are installed after the vulnerable version of CSD is installed, those products will also be affected.

To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links

Read the full description: http://corporate.secunia.com/products/48/?r=l

Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l

TITLE: Cisco Secure Desktop Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA22747

VERIFY ADVISORY: http://secunia.com/advisories/22747/

CRITICAL: Less critical

IMPACT: Security Bypass, Exposure of sensitive information, Privilege escalation

WHERE: Local system

SOFTWARE: Cisco Secure Desktop 3.x http://secunia.com/product/7726/

DESCRIPTION: Some vulnerabilities have been reported in Cisco Secure Desktop, which can be exploited by malicious, local users to gain knowledge of sensitive information, bypass certain security restrictions, or gain escalated privileges on a vulnerable system.

1) Internet browsers that are automatically spawned after establishing an SSL VPN connection uses a directory outside of the CSD vault. Users are then able to save files downloaded during the internet browsing session into the said directory, which results in unencrypted files remaining in the system after the SSL VPN session.

Successful exploitation requires that Cisco SSL VPN is configured to automatically spawn a browser after a successful connection.

2) Users are able to switch between the Secure Desktop and the Local (non-secure) Desktop when using applications that attempt to switch to the default desktop.

3) When installed on an NTFS file system, insecure default permissions are placed on the installation directory. This can be exploited to remove, manipulate, and replace any of the application's file.

Successful exploitation allows execution of arbitrary commands with SYSTEM privileges.

SOLUTION: Update to version 3.1.1.45.

PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor 3) Titon, Bastard Labs.

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200611-0225",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure desktop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "3.1.1.27"
      },
      {
        "model": "secure desktop",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.1.1.33"
      },
      {
        "model": "secure desktop",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "3.1.1.33"
      },
      {
        "model": "secure desktop",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "3.1.1.45"
      },
      {
        "model": "secure desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1"
      },
      {
        "model": "secure desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1"
      },
      {
        "model": "secure desktop",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3.1.1.45"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "20964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1.1.33",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5808"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Titon",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-5808",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-5808",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-21916",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-5808",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200611-129",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-21916",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\". Cisco Secure Desktop is susceptible to multiple vulnerabilities. These issues are due to design flaws in the application. \nExploiting these issues allows local attackers to evade application security policies, to access sensitive information, and to gain local system privileges on affected computers. \nThese vulnerabilities affect Cisco Secure Desktop version 3.1.1.33 and prior. Cisco Secure Desktop (CSD) uses encryption to reduce the risk of cookies, browser history, temporary files, and downloads being left on the system after a remote user logs off or an SSL VPN session times out. Unprivileged users can exploit this vulnerability to elevate their privileges and obtain localsystem-equivalent privileges by replacing certain CSD executables that run as system services with LocalSystem privileges. Note that some other Cisco products install their files into the \\\\%SystemDrive\\\\%\\Program Files\\Cisco Systems\\ directory. So a side effect of this vulnerability in CSD is that if other products are installed after the vulnerable version of CSD is installed, those products will also be affected. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Secure Desktop Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA22747\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22747/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information, Privilege\nescalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nCisco Secure Desktop 3.x\nhttp://secunia.com/product/7726/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Cisco Secure Desktop,\nwhich can be exploited by malicious, local users to gain knowledge of\nsensitive information, bypass certain security restrictions, or gain\nescalated privileges on a vulnerable system. \n\n1)  Internet browsers that are automatically spawned after\nestablishing an SSL VPN connection uses a directory outside of the\nCSD vault. Users are then able to save files downloaded during the\ninternet browsing session into the said directory, which results in\nunencrypted files remaining in the system after the SSL VPN session. \n\nSuccessful exploitation requires that Cisco SSL VPN is configured to\nautomatically spawn a browser after a successful connection. \n\n2) Users are able to switch between the Secure Desktop and the Local\n(non-secure) Desktop when using applications that attempt to switch\nto the default desktop. \n\n3) When installed on an NTFS file system, insecure default\npermissions are placed on the installation directory. This can be\nexploited to remove, manipulate, and replace any of the application\u0027s\nfile. \n\nSuccessful exploitation allows execution of arbitrary commands with\nSYSTEM privileges. \n\nSOLUTION:\nUpdate to version 3.1.1.45. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) Reported by the vendor\n3) Titon, Bastard Labs. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5808"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      },
      {
        "db": "BID",
        "id": "20964"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21916"
      },
      {
        "db": "PACKETSTORM",
        "id": "51832"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-5808",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "20964",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "22747",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "30308",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4409",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017195",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "30128",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20061108 MULTIPLE VULNERABILITIES IN CISCO SECURE DESKTOP",
        "trust": 0.6
      },
      {
        "db": "IDEFENSE",
        "id": "20061108 CISCO SECURE DESKTOP PRIVILEGE ESCALATION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-21916",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51832",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21916"
      },
      {
        "db": "BID",
        "id": "20964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      },
      {
        "db": "PACKETSTORM",
        "id": "51832"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ]
  },
  "id": "VAR-200611-0225",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21916"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:25:49.776000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20061108-csd",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20061108-csd"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5808"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
      },
      {
        "trust": 1.8,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/20964"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/30308"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017195"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22747"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/4409"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5808"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5808"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/30128"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/4409"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6742/tsd_products_support_series_home.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/450921"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/450931"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/products/48/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7726/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22747/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21916"
      },
      {
        "db": "BID",
        "id": "20964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      },
      {
        "db": "PACKETSTORM",
        "id": "51832"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-21916"
      },
      {
        "db": "BID",
        "id": "20964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      },
      {
        "db": "PACKETSTORM",
        "id": "51832"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5808"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21916"
      },
      {
        "date": "2006-11-08T00:00:00",
        "db": "BID",
        "id": "20964"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      },
      {
        "date": "2006-11-10T16:02:24",
        "db": "PACKETSTORM",
        "id": "51832"
      },
      {
        "date": "2006-11-08T22:07:00",
        "db": "NVD",
        "id": "CVE-2006-5808"
      },
      {
        "date": "2006-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21916"
      },
      {
        "date": "2007-02-22T15:46:00",
        "db": "BID",
        "id": "20964"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      },
      {
        "date": "2017-07-20T01:33:59.743000",
        "db": "NVD",
        "id": "CVE-2006-5808"
      },
      {
        "date": "2006-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "20964"
      },
      {
        "db": "PACKETSTORM",
        "id": "51832"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CSD Vulnerabilities that have been granted privileges in the installation of",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001516"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "20964"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-129"
      }
    ],
    "trust": 0.9
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-5808 (GCVE-0-2006-5808)

FKIE_CVE-2006-5808

GSD-2006-5808

GHSA-JW4C-MQG6-7WCM

VAR-200611-0225

Tags

Sightings

Nomenclature