Lucene search

[email protected]CVE-2006-5806

HistoryNov 08, 2006 - 10:07 p.m.

CVE-2006-5806

2006-11-0822:07:00

[email protected]

web.nvd.nist.gov

cisco

secure desktop

ssl vpn

vulnerability

session information

nvd

cve-2006-5806

5.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.

Affected configurations

NVD

Node

ciscosecure_desktopRange≤3.1.1.33

CPENameOperatorVersion
cisco:secure_desktopcisco secure desktople3.1.1.33

CPE	Name	Operator	Version
cisco:secure_desktop	cisco secure desktop	le	3.1.1.33

References

secunia.com/advisories/22747

securitytracker.com/id?1017195

www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml

www.osvdb.org/30306

www.securityfocus.com/bid/20964

www.vupen.com/english/advisories/2006/4409

exchange.xforce.ibmcloud.com/vulnerabilities/30129

5.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2006-5806

cvelist1 nvd1 cisco1