CVE-2006-5808 - Vulnerability Details - OpenCVE

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Secure Desktop

Configuration 1 [-]

OR	cpe:2.3:a:cisco:secure_desktop::::::::
	cpe:2.3:a:cisco:secure_desktop:3.1.1.27:::::::*

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442
http://secunia.com/advisories/22747
http://securitytracker.com/id?1017195
http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml
http://www.osvdb.org/30308
http://www.securityfocus.com/bid/20964
http://www.vupen.com/english/advisories/2006/4409
https://exchange.xforce.ibmcloud.com/vulnerabilities/30128

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-08T22:00:00

Updated: 2024-08-07T20:04:55.603Z

Reserved: 2006-11-08T00:00:00

Link: CVE-2006-5808

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-08T22:07:00.000

Modified: 2024-11-21T00:20:38.277

Link: CVE-2006-5808

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cisco-csd-permissions-code-execution(30128)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"}, {"name": "1017195", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017195"}, {"name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"}, {"name": "22747", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22747"}, {"name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"}, {"name": "ADV-2006-4409", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4409"}, {"name": "30308", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30308"}, {"name": "20964", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20964"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cisco-csd-permissions-code-execution(30128)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"}, {"name": "1017195", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017195"}, {"name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"}, {"name": "22747", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22747"}, {"name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"}, {"name": "ADV-2006-4409", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4409"}, {"name": "30308", "refsource": "OSVDB", "url": "http://www.osvdb.org/30308"}, {"name": "20964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20964"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:04:55.603Z"}, "title": "CVE Program Container", "references": [{"name": "cisco-csd-permissions-code-execution(30128)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"}, {"name": "1017195", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017195"}, {"name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"}, {"name": "22747", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22747"}, {"name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"}, {"name": "ADV-2006-4409", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4409"}, {"name": "30308", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/30308"}, {"name": "20964", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20964"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5808", "datePublished": "2006-11-08T22:00:00", "dateReserved": "2006-11-08T00:00:00", "dateUpdated": "2024-08-07T20:04:55.603Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E37AB27-7FAA-4F84-BA0F-2B88FB5C7F9B", "versionEndIncluding": "3.1.1.33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."}, {"lang": "es", "value": "La instalaci\u00f3n del Cisco Secure Desktop (CSD) en versiones anteriores a la 3.1.1.45 utiliza permisos inseguros por defecto (todos los usuarios control total) para el directorio CSD y su directorio padre, que permite a usuarios locales conseguir privilegios mediante la sustituci\u00f3n de ejecutables del CSD, tambi\u00e9n conocido como \"Local Privilege Escalation\"."}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Cisco Secure Desktop, 3.1.1.45", "id": "CVE-2006-5808", "lastModified": "2024-11-21T00:20:38.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-08T22:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/22747"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017195"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/30308"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20964"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4409"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30308"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20964"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}