Vulnerability Description
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Desktop | <= 3.1.1.33 |
References
- http://secunia.com/advisories/22747
- http://securitytracker.com/id?1017195
- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtmlVendor Advisory
- http://www.osvdb.org/30306
- http://www.securityfocus.com/bid/20964
- http://www.vupen.com/english/advisories/2006/4409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30129
- http://secunia.com/advisories/22747
- http://securitytracker.com/id?1017195
- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtmlVendor Advisory
- http://www.osvdb.org/30306
- http://www.securityfocus.com/bid/20964
- http://www.vupen.com/english/advisories/2006/4409
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30129
FAQ
What is CVE-2006-5806?
CVE-2006-5806 is a vulnerability with a CVSS score of 2.1 (LOW). SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the...
How severe is CVE-2006-5806?
CVE-2006-5806 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5806?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Desktop.