CVE-2006-5808

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442	Patch Vendor Advisory
http://secunia.com/advisories/22747
http://securitytracker.com/id?1017195
http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml	Patch
http://www.osvdb.org/30308
http://www.securityfocus.com/bid/20964
http://www.vupen.com/english/advisories/2006/4409
https://exchange.xforce.ibmcloud.com/vulnerabilities/30128

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_desktop::::::::
	cpe:2.3:a:cisco:secure_desktop:3.1.1.27:::::::*

History

No history.

Information

Published : 2006-11-08 22:07

Updated : 2023-12-10 10:40

NVD link : CVE-2006-5808

Mitre link : CVE-2006-5808

CVE.ORG link : CVE-2006-5808

JSON object : View

Products Affected

cisco

secure_desktop

CWE

NVD-CWE-Other

{"id": "CVE-2006-5808", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-08T22:07:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22747", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017195", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/30308", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20964", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4409", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."}, {"lang": "es", "value": "La instalaci\u00f3n del Cisco Secure Desktop (CSD) en versiones anteriores a la 3.1.1.45 utiliza permisos inseguros por defecto (todos los usuarios control total) para el directorio CSD y su directorio padre, que permite a usuarios locales conseguir privilegios mediante la sustituci\u00f3n de ejecutables del CSD, tambi\u00e9n conocido como \"Local Privilege Escalation\"."}], "lastModified": "2017-07-20T01:33:59.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B", "versionEndIncluding": "3.1.1.33"}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Cisco Secure Desktop, 3.1.1.45"}