Vulnerabilities > CVE-2006-5393 - Information Disclosure vulnerability in Cisco Secure Desktop SSL VPN Session

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

cisco

NVD

Published: 2006-10-18

Updated: 2008-09-05

Summary

Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Secure Desktop *	1

References

http://securitytracker.com/id?1017018
http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.shtml
http://www.securityfocus.com/bid/20410