var-200611-0223
Vulnerability from variot
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. Cisco Secure Desktop is susceptible to multiple vulnerabilities. These issues are due to design flaws in the application. Exploiting these issues allows local attackers to evade application security policies, to access sensitive information, and to gain local system privileges on affected computers. These vulnerabilities affect Cisco Secure Desktop version 3.1.1.33 and prior. Local privilege escalation +------------------------ The default permissions of the directory where the CSD is installed and its parent directory allow any user to modify the contents of the CSD installation, including Reorder, delete and overwrite files. Unprivileged users can exploit this vulnerability to elevate their privileges and obtain localsystem-equivalent privileges by replacing certain CSD executables that run as system services with LocalSystem privileges. CSD is installed to the \%SystemDrive\%\Program Files\Cisco Systems\Secure Desktop\ directory by default. Note that some other Cisco products install their files into the \%SystemDrive\%\Program Files\Cisco Systems\ directory. So a side effect of this vulnerability in CSD is that if other products are installed after the vulnerable version of CSD is installed, those products will also be affected.
To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.
The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.
This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links
Read the full description: http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l
TITLE: Cisco Secure Desktop Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA22747
VERIFY ADVISORY: http://secunia.com/advisories/22747/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of sensitive information, Privilege escalation
WHERE: Local system
SOFTWARE: Cisco Secure Desktop 3.x http://secunia.com/product/7726/
DESCRIPTION: Some vulnerabilities have been reported in Cisco Secure Desktop, which can be exploited by malicious, local users to gain knowledge of sensitive information, bypass certain security restrictions, or gain escalated privileges on a vulnerable system.
Successful exploitation requires that Cisco SSL VPN is configured to automatically spawn a browser after a successful connection.
2) Users are able to switch between the Secure Desktop and the Local (non-secure) Desktop when using applications that attempt to switch to the default desktop.
3) When installed on an NTFS file system, insecure default permissions are placed on the installation directory. This can be exploited to remove, manipulate, and replace any of the application's file.
Successful exploitation allows execution of arbitrary commands with SYSTEM privileges.
SOLUTION: Update to version 3.1.1.45.
PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor 3) Titon, Bastard Labs.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200611-0223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure desktop",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.1.33"
},
{
"model": "secure desktop",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3.1.1.33"
},
{
"model": "secure desktop",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "3.1.1.45"
},
{
"model": "secure desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1.1"
},
{
"model": "secure desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "secure desktop",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1.1.45"
}
],
"sources": [
{
"db": "BID",
"id": "20964"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001514"
},
{
"db": "NVD",
"id": "CVE-2006-5806"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.1.33",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5806"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Titon",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-5806",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-21914",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-5806",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200611-158",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-21914",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21914"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001514"
},
{
"db": "NVD",
"id": "CVE-2006-5806"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. Cisco Secure Desktop is susceptible to multiple vulnerabilities. These issues are due to design flaws in the application. \nExploiting these issues allows local attackers to evade application security policies, to access sensitive information, and to gain local system privileges on affected computers. \nThese vulnerabilities affect Cisco Secure Desktop version 3.1.1.33 and prior. Local privilege escalation +------------------------ The default permissions of the directory where the CSD is installed and its parent directory allow any user to modify the contents of the CSD installation, including Reorder, delete and overwrite files. Unprivileged users can exploit this vulnerability to elevate their privileges and obtain localsystem-equivalent privileges by replacing certain CSD executables that run as system services with LocalSystem privileges. CSD is installed to the \\\\%SystemDrive\\\\%\\Program Files\\Cisco Systems\\Secure Desktop\\ directory by default. Note that some other Cisco products install their files into the \\\\%SystemDrive\\\\%\\Program Files\\Cisco Systems\\ directory. So a side effect of this vulnerability in CSD is that if other products are installed after the vulnerable version of CSD is installed, those products will also be affected. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Secure Desktop Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA22747\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22747/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information, Privilege\nescalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nCisco Secure Desktop 3.x\nhttp://secunia.com/product/7726/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Cisco Secure Desktop,\nwhich can be exploited by malicious, local users to gain knowledge of\nsensitive information, bypass certain security restrictions, or gain\nescalated privileges on a vulnerable system. \n\nSuccessful exploitation requires that Cisco SSL VPN is configured to\nautomatically spawn a browser after a successful connection. \n\n2) Users are able to switch between the Secure Desktop and the Local\n(non-secure) Desktop when using applications that attempt to switch\nto the default desktop. \n\n3) When installed on an NTFS file system, insecure default\npermissions are placed on the installation directory. This can be\nexploited to remove, manipulate, and replace any of the application\u0027s\nfile. \n\nSuccessful exploitation allows execution of arbitrary commands with\nSYSTEM privileges. \n\nSOLUTION:\nUpdate to version 3.1.1.45. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) Reported by the vendor\n3) Titon, Bastard Labs. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5806"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001514"
},
{
"db": "BID",
"id": "20964"
},
{
"db": "VULHUB",
"id": "VHN-21914"
},
{
"db": "PACKETSTORM",
"id": "51832"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5806",
"trust": 2.8
},
{
"db": "BID",
"id": "20964",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "22747",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "30306",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-4409",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1017195",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001514",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200611-158",
"trust": 0.7
},
{
"db": "XF",
"id": "30129",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20061108 MULTIPLE VULNERABILITIES IN CISCO SECURE DESKTOP",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-21914",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "51832",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21914"
},
{
"db": "BID",
"id": "20964"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001514"
},
{
"db": "PACKETSTORM",
"id": "51832"
},
{
"db": "NVD",
"id": "CVE-2006-5806"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
]
},
"id": "VAR-200611-0223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21914"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:25:49.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20061108-csd",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20061108-csd"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/20964"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/30306"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1017195"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22747"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/4409"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30129"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5806"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5806"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/30129"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/4409"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps6742/tsd_products_support_series_home.html"
},
{
"trust": 0.3,
"url": "/archive/1/450921"
},
{
"trust": 0.3,
"url": "/archive/1/450931"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/products/48/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7726/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22747/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21914"
},
{
"db": "BID",
"id": "20964"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001514"
},
{
"db": "PACKETSTORM",
"id": "51832"
},
{
"db": "NVD",
"id": "CVE-2006-5806"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-21914"
},
{
"db": "BID",
"id": "20964"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-001514"
},
{
"db": "PACKETSTORM",
"id": "51832"
},
{
"db": "NVD",
"id": "CVE-2006-5806"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-21914"
},
{
"date": "2006-11-08T00:00:00",
"db": "BID",
"id": "20964"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001514"
},
{
"date": "2006-11-10T16:02:24",
"db": "PACKETSTORM",
"id": "51832"
},
{
"date": "2006-11-08T22:07:00",
"db": "NVD",
"id": "CVE-2006-5806"
},
{
"date": "2006-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-21914"
},
{
"date": "2007-02-22T15:46:00",
"db": "BID",
"id": "20964"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-001514"
},
{
"date": "2017-07-20T01:33:59.633000",
"db": "NVD",
"id": "CVE-2006-5806"
},
{
"date": "2007-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "20964"
},
{
"db": "PACKETSTORM",
"id": "51832"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Secure Desktop of SSL VPN Client Vulnerable to reading unencrypted data",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-001514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "20964"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-158"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.