Details of VAR-201510-0036

ID

VAR-201510-0036

CVE

CVE-2015-7600

TITLE

Cisco VPN Client Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2015-005101

DESCRIPTION

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. Cisco VPN Client is a set of cross-platform VPN client software from Cisco. There is a security vulnerability in Cisco VPN Client version 5.x to version 5.0.07.0440. The vulnerability is caused by the program assigning weak permissions to the vpnclient.ini file

Trust: 1.71

sources: NVD: CVE-2015-7600 // JVNDB: JVNDB-2015-005101 // VULHUB: VHN-85561

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.2	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.6	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.7	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.07.0440	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.7.0240	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.2.0090	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.7.0290	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.7.0440	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.07.0290	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.5	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.01.0600	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.07.0410	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.03.0560	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.03.0530	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.04.0300	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.06.0160	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.02.0090	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.01	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.05.0290	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.07.0440 for up to 5.x	Trust: 0.8

sources: JVNDB: JVNDB-2015-005101 // CNNVD: CNNVD-201510-075 // NVD: CVE-2015-7600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7600
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7600
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201510-075
value:	HIGH
Trust: 0.6
VULHUB:	VHN-85561
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-7600
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-85561
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-85561 // JVNDB: JVNDB-2015-005101 // CNNVD: CNNVD-201510-075 // NVD: CVE-2015-7600

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-85561 // JVNDB: JVNDB-2015-005101 // NVD: CVE-2015-7600

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201510-075

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201510-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005101

PATCH

title:

Cisco VPN Client

url:

http://www.cisco.com/web/JP/product/hs/security/vpncl/prodlit/clvpn_ds.html

Trust: 0.8

sources: JVNDB: JVNDB-2015-005101

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7600	Trust: 2.5
db:	SECTRACK	id:	1033750	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-005101	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-075	Trust: 0.7
db:	VULHUB	id:	VHN-85561	Trust: 0.1

sources: VULHUB: VHN-85561 // JVNDB: JVNDB-2015-005101 // CNNVD: CNNVD-201510-075 // NVD: CVE-2015-7600

REFERENCES

url:	https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/	Trust: 2.5
url:	http://www.securitytracker.com/id/1033750	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7600	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7600	Trust: 0.8

sources: VULHUB: VHN-85561 // JVNDB: JVNDB-2015-005101 // CNNVD: CNNVD-201510-075 // NVD: CVE-2015-7600

SOURCES

db:	VULHUB	id:	VHN-85561
db:	JVNDB	id:	JVNDB-2015-005101
db:	CNNVD	id:	CNNVD-201510-075
db:	NVD	id:	CVE-2015-7600

LAST UPDATE DATE

2024-11-23T21:54:50.459000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85561	date:	2017-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-005101	date:	2015-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201510-075	date:	2015-10-09T00:00:00
db:	NVD	id:	CVE-2015-7600	date:	2024-11-21T02:37:02.377

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85561	date:	2015-10-06T00:00:00
db:	JVNDB	id:	JVNDB-2015-005101	date:	2015-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201510-075	date:	2015-10-09T00:00:00
db:	NVD	id:	CVE-2015-7600	date:	2015-10-06T17:59:27.057