ID CVE-2006-5808
Summary The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". This vulnerability is addressed in the following product release: Cisco, Cisco Secure Desktop, 3.1.1.45
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:secure_desktop:-:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_desktop:-:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:secure_desktop:3.0_base:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_desktop:3.0_base:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:secure_desktop:3.1.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_desktop:3.1.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 20964
cisco 20061108 Multiple Vulnerabilities in Cisco Secure Desktop
idefense 20061108 Cisco Secure Desktop Privilege Escalation Vulnerability
osvdb 30308
sectrack 1017195
secunia 22747
vupen ADV-2006-4409
xf cisco-csd-permissions-code-execution(30128)
Last major update 20-07-2017 - 01:33
Published 08-11-2006 - 22:07
Last modified 20-07-2017 - 01:33
Back to Top