Lucene search

MitreCVE-2006-5806

HistoryNov 08, 2006 - 10:07 p.m.

CVE-2006-5806

2006-11-0822:07:00

mitre

web.nvd.nist.gov

cisco

secure desktop

ssl vpn

vulnerability

session information

nvd

cve-2006-5806

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.

Affected configurations

Nvd

Node

ciscosecure_desktopRange≤3.1.1.33

VendorProductVersionCPE
ciscosecure_desktop*cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_desktop	*	cpe:2.3:a:cisco:secure_desktop::::::::

References

secunia.com/advisories/22747

securitytracker.com/id?1017195

www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml

www.osvdb.org/30306

www.securityfocus.com/bid/20964

www.vupen.com/english/advisories/2006/4409

exchange.xforce.ibmcloud.com/vulnerabilities/30129

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-5806