CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
25.6%
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka “Local Privilege Escalation”.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_desktop | * | cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:* |
cisco | secure_desktop | 3.1.1.27 | cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:* |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=442
secunia.com/advisories/22747
securitytracker.com/id?1017195
www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml
www.osvdb.org/30308
www.securityfocus.com/bid/20964
www.vupen.com/english/advisories/2006/4409
exchange.xforce.ibmcloud.com/vulnerabilities/30128