Cisco: >> Secure Desktop >> 3.1.1 Security Vulnerabilities
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".
CVSS Score
4.6
EPSS Score
0.001
Published
2006-11-08
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
CVSS Score
5.5
EPSS Score
0.001
Published
2006-10-18
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.
CVSS Score
2.1
EPSS Score
0.001
Published
2006-10-18
Page 2