Vulnerability Details CVE-2008-5121
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.8%
CVSS Severity
CVSS v2 Score 7.2
References
- http://secunia.com/advisories/30728
- http://secunia.com/advisories/30744
- http://secunia.com/advisories/30747
- http://secunia.com/advisories/30753
- http://securityreason.com/securityalert/4600
- http://support.citrix.com/article/CTX117751
- http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
- http://www.digit-labs.org/files/exploits/dne2000-call.c
- http://www.kb.cert.org/vuls/id/858993
- http://www.securityfocus.com/bid/29772
- http://www.vupen.com/english/advisories/2008/1865
- http://www.vupen.com/english/advisories/2008/1866
- http://www.vupen.com/english/advisories/2008/1867
- http://www.vupen.com/english/advisories/2008/1868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
- https://www.exploit-db.com/exploits/5837
- http://secunia.com/advisories/30728
- http://secunia.com/advisories/30744
- http://secunia.com/advisories/30747
- http://secunia.com/advisories/30753
- http://securityreason.com/securityalert/4600
- http://support.citrix.com/article/CTX117751
- http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
- http://www.digit-labs.org/files/exploits/dne2000-call.c
- http://www.kb.cert.org/vuls/id/858993
- http://www.securityfocus.com/bid/29772
- http://www.vupen.com/english/advisories/2008/1865
- http://www.vupen.com/english/advisories/2008/1866
- http://www.vupen.com/english/advisories/2008/1867
- http://www.vupen.com/english/advisories/2008/1868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
- https://www.exploit-db.com/exploits/5837
Products affected by CVE-2008-5121
-
cpe:2.3:a:bluecoat:winproxy:-
-
cpe:2.3:a:bluecoat:winproxy:6.0
-
cpe:2.3:a:bluecoat:winproxy:6.1
-
cpe:2.3:a:cisco:vpn_client:-
-
cpe:2.3:a:cisco:vpn_client:2.0
-
cpe:2.3:a:cisco:vpn_client:3.0
-
cpe:2.3:a:cisco:vpn_client:3.0.5
-
cpe:2.3:a:cisco:vpn_client:3.1
-
cpe:2.3:a:cisco:vpn_client:3.5.1
-
cpe:2.3:a:cisco:vpn_client:3.5.1c
-
cpe:2.3:a:cisco:vpn_client:3.5.2
-
cpe:2.3:a:cisco:vpn_client:3.5.2b
-
cpe:2.3:a:cisco:vpn_client:3.5.4
-
cpe:2.3:a:cisco:vpn_client:3.6
-
cpe:2.3:a:cisco:vpn_client:3.6.1
-
cpe:2.3:a:cisco:vpn_client:4.0
-
cpe:2.3:a:cisco:vpn_client:4.0.2a
-
cpe:2.3:a:cisco:vpn_client:4.0.2c
-
cpe:2.3:a:cisco:vpn_client:4.7.00.0000
-
cpe:2.3:a:cisco:vpn_client:4.8.00.0000
-
cpe:2.3:a:cisco:vpn_client:4.8.1
-
cpe:2.3:a:cisco:vpn_client:5.0
-
cpe:2.3:a:cisco:vpn_client:5.0.01
-
cpe:2.3:a:cisco:vpn_client:5.0.01.0600
-
cpe:2.3:a:cisco:vpn_client:5.0.02.0090
-
cpe:2.3:a:cisco:vpn_client:5.0.03.0530
-
cpe:2.3:a:cisco:vpn_client:5.0.03.0560
-
cpe:2.3:a:cisco:vpn_client:5.0.04.0300
-
cpe:2.3:a:cisco:vpn_client:5.0.05.0290
-
cpe:2.3:a:cisco:vpn_client:5.0.06.0160
-
cpe:2.3:a:cisco:vpn_client:5.0.07.0290
-
cpe:2.3:a:cisco:vpn_client:5.0.07.0410
-
cpe:2.3:a:cisco:vpn_client:5.0.07.0440
-
cpe:2.3:a:cisco:vpn_client:5.0.2
-
cpe:2.3:a:cisco:vpn_client:5.0.2.0090
-
cpe:2.3:a:cisco:vpn_client:5.0.5
-
cpe:2.3:a:cisco:vpn_client:5.0.6
-
cpe:2.3:a:cisco:vpn_client:5.0.7
-
cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223
-
cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464
-
cpe:2.3:a:safenet:highassurance_remote:*
-
cpe:2.3:a:safenet:softremote_vpn_client:*