CVE-2006-5808 — Sensitive Information Exposure in Cisco Secure Desktop

CWE-200 — Sensitive Information Exposure CWE-2644 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 77.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Desktop

Timeline

PublishedNov 8

Latest updateMay 1

Description

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/secure_desktop3.1.1.33+1

Patches

Patch: labs.idefense.com ↗Patch: www.cisco.com ↗Patch: labs.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-jw4c-mqg6-7wcm: The installation of Cisco Secure Desktop (CSD) before 3↗2022-05-01

▶

CVEList

CVE-2006-5808: The installation of Cisco Secure Desktop (CSD) before 3↗2006-11-08

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Secure Desktop↗2006-11-08

▶