{ "id": "CVE-2015-7600", "sourceIdentifier": "cve@mitre.org", "published": "2015-10-06T17:59:27.057", "lastModified": "2025-04-12T10:46:40.837", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section." }, { "lang": "es", "value": "Cisco VPN Client 5.x hasta la versi\u00f3n 5.0.07.0440 utiliza permisos d\u00e9biles para vpnclient.ini, lo que permite a usuarios locales obtener privilegios mediante la entrada de un nombre de programa arbitrario en el campo Command de la secci\u00f3n ApplicationLauncher." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "baseScore": 7.2, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-264" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4F8D296-8C41-4ACF-97A1-B046CE18C623" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "A241A0DC-E0C0-40FF-825F-3BFD04EF05C4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:*", "matchCriteriaId": "58FB3744-3107-410F-8E03-228060A95018" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51BB77A8-9610-4622-855E-F41D4DE8BF98" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.02.0090:*:*:*:*:*:*:*", "matchCriteriaId": "7093F844-3939-481C-9D76-DC9812309474" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:*:*:*:*:*:*", "matchCriteriaId": "AB3D6BB1-BDCB-46A1-A213-17CB1F46683F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0530:*:*:*:*:*:*:*", "matchCriteriaId": "F1845EE7-185C-4537-B968-10F1E20082B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.03.0560:*:*:*:*:*:*:*", "matchCriteriaId": "A0D44782-3DD1-45DA-9457-8B6D07E12B5B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.04.0300:*:*:*:*:*:*:*", "matchCriteriaId": "D9FED413-4C1E-45C2-B2CC-5C70079B00F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FDA1A681-3063-4894-BA84-846CFCE35D54" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.05.0290:*:*:*:*:*:*:*", "matchCriteriaId": "BBC5508A-92AC-437A-A55E-2A864A757BFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7072DB27-CFE9-4D5D-A912-608A719E72CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.06.0160:*:*:*:*:*:*:*", "matchCriteriaId": "54DE7A64-BF7C-4062-9315-18AD3D5F6FD3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "34B077DB-FBD7-4B15-B682-5A8912A07727" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0240:*:*:*:*:*:*:*", "matchCriteriaId": "15B23F91-9BA0-4C07-ACAC-315C846F2754" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0290:*:*:*:*:*:*:*", "matchCriteriaId": "B348A7D4-6753-4464-B1B8-1B94E09F65B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0290:*:*:*:*:*:*:*", "matchCriteriaId": "465D80AD-7622-440F-BFF5-C94C62A3E905" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0410:*:*:*:*:*:*:*", "matchCriteriaId": "6F8659A2-717E-4D8B-8877-B0FACF39C599" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.07.0440:*:*:*:*:*:*:*", "matchCriteriaId": "32B0C059-A4A1-4F31-B561-F1611814004C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0440:*:*:*:*:*:*:*", "matchCriteriaId": "288C2815-C809-423E-AB62-BBE19F692F6E" } ] } ] } ], "references": [ { "url": "http://www.securitytracker.com/id/1033750", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/", "source": "cve@mitre.org", "tags": [ "Exploit" ] }, { "url": "http://www.securitytracker.com/id/1033750", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ] } ] }