CVE-2006-5808
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.6%
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka “Local Privilege Escalation”.
Affected configurations
References
labs.idefense.com/intelligence/vulnerabilities/display.php?id=442
secunia.com/advisories/22747
securitytracker.com/id?1017195
www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml
www.osvdb.org/30308
www.securityfocus.com/bid/20964
www.vupen.com/english/advisories/2006/4409
exchange.xforce.ibmcloud.com/vulnerabilities/30128
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.6%