CVE-2006-2679

Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/20261	Patch Vendor Advisory
http://securitytracker.com/id?1016156	Patch
http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml	Patch
http://www.osvdb.org/25888
http://www.securityfocus.com/bid/18094
http://www.vupen.com/english/advisories/2006/1964
https://exchange.xforce.ibmcloud.com/vulnerabilities/26632
http://secunia.com/advisories/20261	Patch Vendor Advisory
http://securitytracker.com/id?1016156	Patch
http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml	Patch
http://www.osvdb.org/25888
http://www.securityfocus.com/bid/18094
http://www.vupen.com/english/advisories/2006/1964
https://exchange.xforce.ibmcloud.com/vulnerabilities/26632

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:vpn_client:2.0::windows:::::
	cpe:2.3:a:cisco:vpn_client:3.0::windows:::::
	cpe:2.3:a:cisco:vpn_client:3.0.5::windows:::::
	cpe:2.3:a:cisco:vpn_client:3.1::windows:::::
	cpe:2.3:a:cisco:vpn_client:3.5.1::windows:::::
	cpe:2.3:a:cisco:vpn_client:3.5.1c::windows:::::
	cpe:2.3:a:cisco:vpn_client:3.5.2::windows:::::
	cpe:2.3:a:cisco:vpn_client:4.7.00.0000::windows:::::
	cpe:2.3:a:cisco:vpn_client:4.8.00.0000::windows:::::

History

21 Nov 2024, 00:11

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/20261 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/20261 - Patch, Vendor Advisory
References	~~() http://securitytracker.com/id?1016156 - Patch~~	() http://securitytracker.com/id?1016156 - Patch
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml - Patch~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml - Patch
References	~~() http://www.osvdb.org/25888 -~~	() http://www.osvdb.org/25888 -
References	~~() http://www.securityfocus.com/bid/18094 -~~	() http://www.securityfocus.com/bid/18094 -
References	~~() http://www.vupen.com/english/advisories/2006/1964 -~~	() http://www.vupen.com/english/advisories/2006/1964 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/26632 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/26632 -

Information

Published : 2006-05-31 10:06

Updated : 2025-04-03 01:03

NVD link : CVE-2006-2679

Mitre link : CVE-2006-2679

CVE.ORG link : CVE-2006-2679

JSON object : View

Products Affected

cisco

vpn_client

CWE

NVD-CWE-noinfo

{"id": "CVE-2006-2679", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-05-31T10:06:00.000", "references": [{"url": "http://secunia.com/advisories/20261", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016156", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25888", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18094", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1964", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20261", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1016156", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/25888", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/18094", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/1964", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26632", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "398B68C7-C1DB-4A62-B0A2-89C917768E58"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20C66C87-1367-4440-A2C2-E6B657DA2743"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4BFB291-672C-437E-BBF4-B00D89C11EA9"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A270D7C-ACBC-41A4-A606-8A4F35894E74"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59938F7D-5F64-4FC0-A5B2-C798AF297130"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76060A99-ED0C-4125-B67E-FA8E4F57AAB5"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2288FB91-4607-417D-8658-E1B8090BE40A"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:4.7.00.0000:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2039E7C3-E623-4ADC-B851-55BC33FA760D"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:4.8.00.0000:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C3777CC-C18F-4F93-8DD4-A0A348EDA1D6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10