Lucene search

[email protected]NVD:CVE-2008-5121

HistoryNov 18, 2008 - 12:30 a.m.

CVE-2008-5121

2008-11-1800:30:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

High

EPSS

Percentile

0.4%

JSON

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \.\DNE device interface.

Affected configurations

Nvd

Node

citrixdeterministic_network_enhancerMatch2.21.7.223

citrixdeterministic_network_enhancerMatch3.21.7.17464

AND

bluecoatwinproxy

ciscovpn_client

safenethighassurance_remote

safenetsoftremote_vpn_client

VendorProductVersionCPE
citrixdeterministic_network_enhancer2.21.7.223cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:*:*:*:*:*:*:*
citrixdeterministic_network_enhancer3.21.7.17464cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:*:*:*:*:*:*:*
bluecoatwinproxy*cpe:2.3:a:bluecoat:winproxy:*:*:*:*:*:*:*:*
ciscovpn_client*cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*
safenethighassurance_remote*cpe:2.3:a:safenet:highassurance_remote:*:*:*:*:*:*:*:*
safenetsoftremote_vpn_client*cpe:2.3:a:safenet:softremote_vpn_client:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
citrix	deterministic_network_enhancer	2.21.7.223	cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:::::::*
citrix	deterministic_network_enhancer	3.21.7.17464	cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:::::::*
bluecoat	winproxy	*	cpe:2.3:a:bluecoat:winproxy::::::::
cisco	vpn_client	*	cpe:2.3:a:cisco:vpn_client::::::::
safenet	highassurance_remote	*	cpe:2.3:a:safenet:highassurance_remote::::::::
safenet	softremote_vpn_client	*	cpe:2.3:a:safenet:softremote_vpn_client::::::::

References

secunia.com/advisories/30728

secunia.com/advisories/30744

secunia.com/advisories/30747

secunia.com/advisories/30753

securityreason.com/securityalert/4600

support.citrix.com/article/CTX117751

tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860

www.digit-labs.org/files/exploits/dne2000-call.c

www.kb.cert.org/vuls/id/858993

www.securityfocus.com/bid/29772

www.vupen.com/english/advisories/2008/1865

www.vupen.com/english/advisories/2008/1866

www.vupen.com/english/advisories/2008/1867

www.vupen.com/english/advisories/2008/1868

exchange.xforce.ibmcloud.com/vulnerabilities/43153

www.exploit-db.com/exploits/5837

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2008-5121

cvelist1 prion1 nessus1 cve1 exploitdb1