CVE-2006-5808

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442	Patch Vendor Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml	Patch
http://www.securityfocus.com/bid/20964
http://securitytracker.com/id?1017195
http://secunia.com/advisories/22747
http://www.osvdb.org/30308
http://www.vupen.com/english/advisories/2006/4409
https://exchange.xforce.ibmcloud.com/vulnerabilities/30128

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_desktop:3.1.1.27:::::::*
	cpe:2.3:a:cisco:secure_desktop::::::::

Information

Published : 2006-11-08 14:07

Updated : 2017-07-19 18:33

NVD link : CVE-2006-5808

Mitre link : CVE-2006-5808

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cisco

secure_desktop

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442", "name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability", "tags": ["Patch", "Vendor Advisory"], "refsource": "IDEFENSE"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml", "name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": ["Patch"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/20964", "name": "20964", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1017195", "name": "1017195", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/22747", "name": "22747", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/30308", "name": "30308", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/4409", "name": "ADV-2006-4409", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128", "name": "cisco-csd-permissions-code-execution(30128)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5808", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-11-08T22:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.1.1.33"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:33Z"}

4.6 /10