CVE-2006-5808

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".

Published: Nov 8, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5808
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / secure_desktop	3.1.1.27	3.1.1.27.x
cisco / secure_desktop	-	3.1.1.33.x

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442
http://secunia.com/advisories/22747
http://securitytracker.com/id?1017195
http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml
http://www.osvdb.org/30308
http://www.securityfocus.com/bid/20964
http://www.vupen.com/english/advisories/2006/4409
https://exchange.xforce.ibmcloud.com/vulnerabilities/30128

Vulnerability Database

289,697

CVE-2006-5808