Lucene search

[email protected]CVE-2009-5007

HistoryOct 14, 2010 - 5:52 a.m.

CVE-2009-5007

2010-10-1405:52:19

CWE-59

[email protected]

web.nvd.nist.gov

cisco

trial client

linux

anyconnect

ssl vpn

symlink attack

nvd

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.

Affected configurations

NVD

Node

ciscoanyconnect_ssl_vpnMatch--trial_client

CPENameOperatorVersion
cisco:anyconnect_ssl_vpncisco anyconnect ssl vpneq-

CPE	Name	Operator	Version
cisco:anyconnect_ssl_vpn	cisco anyconnect ssl vpn	eq	-

References

secunia.com/advisories/42093

www.infradead.org/openconnect.html

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-5007

cvelist1 prion1 nvd1