CVE-2006-5808

high

Description

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30128

http://www.vupen.com/english/advisories/2006/4409

http://www.securityfocus.com/bid/20964

http://www.osvdb.org/30308

http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml

http://securitytracker.com/id?1017195

http://secunia.com/advisories/22747

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442

Details

Source: Mitre, NVD

Published: 2006-11-08

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00072