CVE-2008-5121
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
0.4%
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \.\DNE device interface.
Affected configurations
References
secunia.com/advisories/30728
secunia.com/advisories/30744
secunia.com/advisories/30747
secunia.com/advisories/30753
securityreason.com/securityalert/4600
support.citrix.com/article/CTX117751
tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
www.digit-labs.org/files/exploits/dne2000-call.c
www.kb.cert.org/vuls/id/858993
www.securityfocus.com/bid/29772
www.vupen.com/english/advisories/2008/1865
www.vupen.com/english/advisories/2008/1866
www.vupen.com/english/advisories/2008/1867
www.vupen.com/english/advisories/2008/1868
exchange.xforce.ibmcloud.com/vulnerabilities/43153
www.exploit-db.com/exploits/5837
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
0.4%