Details of VAR-201010-0013

ID

VAR-201010-0013

CVE

CVE-2009-5008

TITLE

CSD Vulnerabilities that bypass policy restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2010-002913

DESCRIPTION

Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. is prone to a local security vulnerability. Cisco Secure Desktop (CSD) is an endpoint security solution that integrates firewall, access control, intrusion prevention, and application control

Trust: 1.98

sources: NVD: CVE-2009-5008 // JVNDB: JVNDB-2010-002913 // BID: 79083 // VULHUB: VHN-42454

AFFECTED PRODUCTS

vendor:	cisco	model:	secure desktop	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	secure desktop	scope:	eq	version:	*	Trust: 1.0

sources: JVNDB: JVNDB-2010-002913 // CNNVD: CNNVD-201010-225 // NVD: CVE-2009-5008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-5008
value:	LOW
Trust: 1.0
NVD:	CVE-2009-5008
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201010-225
value:	LOW
Trust: 0.6
VULHUB:	VHN-42454
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2009-5008
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42454
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42454 // JVNDB: JVNDB-2010-002913 // CNNVD: CNNVD-201010-225 // NVD: CVE-2009-5008

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-42454 // JVNDB: JVNDB-2010-002913 // NVD: CVE-2009-5008

THREAT TYPE

local

Trust: 0.9

sources: BID: 79083 // CNNVD: CNNVD-201010-225

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201010-225

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002913

PATCH

title:

OpenConnect／

url:

http://www.infradead.org/openconnect.html

Trust: 0.8

sources: JVNDB: JVNDB-2010-002913

EXTERNAL IDS

db:	NVD	id:	CVE-2009-5008	Trust: 2.8
db:	JVNDB	id:	JVNDB-2010-002913	Trust: 0.8
db:	CNNVD	id:	CNNVD-201010-225	Trust: 0.7
db:	BID	id:	79083	Trust: 0.4
db:	VULHUB	id:	VHN-42454	Trust: 0.1

sources: VULHUB: VHN-42454 // BID: 79083 // JVNDB: JVNDB-2010-002913 // CNNVD: CNNVD-201010-225 // NVD: CVE-2009-5008

REFERENCES

url:	http://www.infradead.org/openconnect.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5008	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-5008	Trust: 0.8

sources: VULHUB: VHN-42454 // BID: 79083 // JVNDB: JVNDB-2010-002913 // CNNVD: CNNVD-201010-225 // NVD: CVE-2009-5008

CREDITS

Unknown

Trust: 0.3

sources: BID: 79083

SOURCES

db:	VULHUB	id:	VHN-42454
db:	BID	id:	79083
db:	JVNDB	id:	JVNDB-2010-002913
db:	CNNVD	id:	CNNVD-201010-225
db:	NVD	id:	CVE-2009-5008

LAST UPDATE DATE

2024-11-23T22:49:51.318000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42454	date:	2010-10-14T00:00:00
db:	BID	id:	79083	date:	2010-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2010-002913	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201010-225	date:	2010-10-18T00:00:00
db:	NVD	id:	CVE-2009-5008	date:	2024-11-21T01:10:58.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42454	date:	2010-10-14T00:00:00
db:	BID	id:	79083	date:	2010-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2010-002913	date:	2012-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201010-225	date:	2010-10-18T00:00:00
db:	NVD	id:	CVE-2009-5008	date:	2010-10-14T05:52:19.713