CVE-2006-5393

Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securitytracker.com/id?1017018
http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml	Vendor Advisory
http://www.securityfocus.com/bid/20410
http://securitytracker.com/id?1017018
http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml	Vendor Advisory
http://www.securityfocus.com/bid/20410

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*

History

03 Apr 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-125
CVSS	v2 : ~~2.1~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 5.5

Information

Published : 2006-10-18 19:07

Updated : 2025-04-09 00:30

NVD link : CVE-2006-5393

Mitre link : CVE-2006-5393

CVE.ORG link : CVE-2006-5393

JSON object : View

Products Affected

cisco

secure_desktop

CWE

NVD-CWE-Other CWE-125

Out-of-bounds Read

{"id": "CVE-2006-5393", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2006-10-18T19:07:00.000", "references": [{"url": "http://securitytracker.com/id?1017018", "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20410", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017018", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/20410", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session."}, {"lang": "es", "value": "Cisco Secure Desktop (CSD) no requiere que el valor del registro sea 1 para el ClearPageFileAtShutdown (aka CCE-Winv2.0-407), el cual puede permitir a los usuarios locales la lectura de ciertas p\u00e1ginas de memoria que fueron escritas durante otra sesi\u00f3n SSL VPN para un usuario diferente."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F91DD0D2-B573-4FE3-933A-02E8F4D35E56"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}