CVE-2008-5121

{"id": "CVE-2008-5121", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-11-18T00:30:00.517", "references": [{"url": "http://secunia.com/advisories/30728", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30744", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30747", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30753", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4600", "source": "cve@mitre.org"}, {"url": "http://support.citrix.com/article/CTX117751", "source": "cve@mitre.org"}, {"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860", "source": "cve@mitre.org"}, {"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/858993", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29772", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1865", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1866", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1867", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1868", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5837", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30728", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30744", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30747", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30753", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/4600", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.citrix.com/article/CTX117751", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.digit-labs.org/files/exploits/dne2000-call.c", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/858993", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/29772", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1865", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1866", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1867", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1868", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43153", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5837", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\\\.\\DNE device interface."}, {"lang": "es", "value": "dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet SoftRemote y HighAssurance Remote, permite a usuarios locales obtener privilegios a trav\u00e9s de una petici\u00f3n DNE_IOCTL DeviceIoControl modificada a la interfaz de dispositivo \\\\.\\DNE .\r\n\r\n"}], "lastModified": "2024-11-21T00:53:20.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10F0D8E9-67F6-4484-9BD1-A16228A41D0E"}, {"criteria": "cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "153E29F0-3E68-4CF3-B5B3-8A63E101A650"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bluecoat:winproxy:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BC5D863E-670D-4849-960B-FEEA70C95E74"}, {"criteria": "cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "099829D2-EC37-4BEF-91B7-375478189C1B"}, {"criteria": "cpe:2.3:a:safenet:highassurance_remote:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7212B1EF-2AD3-42DD-A6D7-DB18F3ED2923"}, {"criteria": "cpe:2.3:a:safenet:softremote_vpn_client:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C384818-1B30-4EBA-99DE-E64008F72985"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}