CVE-2006-5808

{"id": "CVE-2006-5808", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-08T22:07:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22747", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017195", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/30308", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20964", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4409", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/22747", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1017195", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/30308", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/20964", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4409", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."}, {"lang": "es", "value": "La instalaci\u00f3n del Cisco Secure Desktop (CSD) en versiones anteriores a la 3.1.1.45 utiliza permisos inseguros por defecto (todos los usuarios control total) para el directorio CSD y su directorio padre, que permite a usuarios locales conseguir privilegios mediante la sustituci\u00f3n de ejecutables del CSD, tambi\u00e9n conocido como \"Local Privilege Escalation\"."}], "lastModified": "2024-11-21T00:20:38.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B", "versionEndIncluding": "3.1.1.33"}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Cisco Secure Desktop, 3.1.1.45"}