Information Disclosure Vulnerability in Cisco Secure Desktop SSL VPN Client
CVE-2006-5806

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Desktop
Vendor: CVE Published:; 8 November 2006

Summary

The Cisco Secure Desktop SSL VPN Client, prior to version 3.1.1.45, exhibits a security flaw when configured to launch a web browser following a successful VPN connection. This flaw results in the storage of sensitive browser session data in a directory that exists outside of the CSD vault. Consequently, users may save files outside of the vault, allowing potential access to unencrypted data even after the VPN session ends. Local users are therefore capable of reading this sensitive information, posing a significant security risk.

References

http://securitytracker.com/id?1017195

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/30129

vdb-entryx_refsource_XF

http://secunia.com/advisories/22747

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 8, 2006
Vulnerability Reserved
Nov 8, 2006