var-200610-0174
Vulnerability from variot
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session. Cisco Secure Desktop is prone to multiple information-disclosure vulnerabilities. Successfully exploiting these issues allows an attacker to gain access to potentially sensitive information; this may lead to other attacks. The following problems exist in the implementation of CSD, which may lead to the leakage of sensitive information related to SSL VPN sessions. Restoring documents from a Windows printer spool If a document has already been printed, it can be restored from a printer spool. Background files are usually stored in the C:\WINDOWS\system32\spool\PRINTERS\ directory, with the extension .SPL. The life cycle of these files is very short, because they will be deleted after being successfully sent to the printer. However, if there is a printing problem or if data forensics is applied to the hard drive, it may be possible to recover the files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200610-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure desktop",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "secure desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "secure desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1.1"
},
{
"model": "secure desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
}
],
"sources": [
{
"db": "BID",
"id": "20410"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-311"
},
{
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ManTech International Corporation\u203bhttp://www.mantech.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-311"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5394",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-5394",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-21502",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-5394",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200610-311",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-21502",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2006-5394",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21502"
},
{
"db": "VULMON",
"id": "CVE-2006-5394"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-311"
},
{
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default configuration of Cisco Secure Desktop (CSD) has an unchecked \"Disable printing\" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user\u0027s SSL VPN session. Cisco Secure Desktop is prone to multiple information-disclosure vulnerabilities. \nSuccessfully exploiting these issues allows an attacker to gain access to potentially sensitive information; this may lead to other attacks. The following problems exist in the implementation of CSD, which may lead to the leakage of sensitive information related to SSL VPN sessions. Restoring documents from a Windows printer spool If a document has already been printed, it can be restored from a printer spool. Background files are usually stored in the C:\\WINDOWS\\system32\\spool\\PRINTERS\\ directory, with the extension .SPL. The life cycle of these files is very short, because they will be deleted after being successfully sent to the printer. However, if there is a printing problem or if data forensics is applied to the hard drive, it may be possible to recover the files",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5394"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001401"
},
{
"db": "BID",
"id": "20410"
},
{
"db": "VULHUB",
"id": "VHN-21502"
},
{
"db": "VULMON",
"id": "CVE-2006-5394"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5394",
"trust": 2.9
},
{
"db": "BID",
"id": "20410",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1017018",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001401",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200610-311",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20061009 LIMITATIONS IN CISCO SECURE DESKTOP",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-21502",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2006-5394",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21502"
},
{
"db": "VULMON",
"id": "CVE-2006-5394"
},
{
"db": "BID",
"id": "20410"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-311"
},
{
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"id": "VAR-200610-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21502"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-06T22:54:07.969000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20061009-csd",
"trust": 0.8,
"url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20061009-csd.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001401"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/20410"
},
{
"trust": 1.8,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080754f34.shtml"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1017018"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5394"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5394"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps6742/tsd_products_support_series_home.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps6742/products_configuration_guide_chapter09186a00805f9f42.html#wp1041681"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/314834/en-us/"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/182086/en-us/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20061009-csd.shtml"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=11844"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21502"
},
{
"db": "VULMON",
"id": "CVE-2006-5394"
},
{
"db": "BID",
"id": "20410"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-311"
},
{
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-21502"
},
{
"db": "VULMON",
"id": "CVE-2006-5394"
},
{
"db": "BID",
"id": "20410"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-311"
},
{
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-21502"
},
{
"date": "2006-10-18T00:00:00",
"db": "VULMON",
"id": "CVE-2006-5394"
},
{
"date": "2006-10-09T00:00:00",
"db": "BID",
"id": "20410"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001401"
},
{
"date": "2006-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-311"
},
{
"date": "2006-10-18T19:07:00",
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-21502"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2006-5394"
},
{
"date": "2016-07-06T14:06:00",
"db": "BID",
"id": "20410"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001401"
},
{
"date": "2006-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-311"
},
{
"date": "2008-09-05T21:12:09.623000",
"db": "NVD",
"id": "CVE-2006-5394"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "20410"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-311"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSD Vulnerability to read data sent to printer in default settings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001401"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "20410"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-311"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.