CVE-2006-4315 — Tectia Client vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 82.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SSH Tectia Client SSH Tectia Connector SSH Tectia Manager +1 more

Timeline

PublishedAug 23

Latest updateMay 1

Description

Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

▶NVDssh/tectia_client25 versions+24

▶NVDssh/tectia_server20 versions+19

▶NVDssh/tectia_manager1.3, 1.4, 2.1.2+2

▶NVDssh/tectia_connector5.0, 5.0.1+1

Patches

Patch: www.ssh.com ↗Patch: www.ssh.com ↗

🔴Vulnerability Details

GHSA

GHSA-xvxg-vgch-8ccv: Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5↗2022-05-01

▶

CVEList

CVE-2006-4315: Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5↗2006-08-23

▶