1. Home
  2. CVE Database
  3. CVE-2009-5008
LOW · 2.1

CVE-2009-5008

Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a mo...

Vulnerability Description

Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
CiscoSecure DesktopAll versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2009-5008?

CVE-2009-5008 is a vulnerability with a CVSS score of 2.1 (LOW). Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a mo...

How severe is CVE-2009-5008?

CVE-2009-5008 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-5008?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Desktop.