CVE-2006-5393

low-risk
Published 2006-10-18

Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Secure Desktop

Affected Vendors

Cisco

References (6)

http://securitytracker.com/id?1017018
Vendor Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.s...
http://www.securityfocus.com/bid/20410
http://securitytracker.com/id?1017018
Vendor Advisory http://www.cisco.com/en/US/products/products_security_advisory09186a0080754f34.s...
http://www.securityfocus.com/bid/20410
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal