Vulnerability Details CVE-2006-5808
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.6%
CVSS Severity
CVSS v2 Score 4.6
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442
- http://secunia.com/advisories/22747
- http://securitytracker.com/id?1017195
- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml
- http://www.osvdb.org/30308
- http://www.securityfocus.com/bid/20964
- http://www.vupen.com/english/advisories/2006/4409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30128
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442
- http://secunia.com/advisories/22747
- http://securitytracker.com/id?1017195
- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml
- http://www.osvdb.org/30308
- http://www.securityfocus.com/bid/20964
- http://www.vupen.com/english/advisories/2006/4409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30128
Products affected by CVE-2006-5808
-
cpe:2.3:a:cisco:secure_desktop:-
-
cpe:2.3:a:cisco:secure_desktop:3.0_base
-
cpe:2.3:a:cisco:secure_desktop:3.1
-
cpe:2.3:a:cisco:secure_desktop:3.1.0.31
-
cpe:2.3:a:cisco:secure_desktop:3.1.1
-
cpe:2.3:a:cisco:secure_desktop:3.1.1.27
-
cpe:2.3:a:cisco:secure_desktop:3.1.1.33