CVE-2008-5121 - OpenCVE

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bluecoat	Winproxy
Cisco	Vpn Client
Citrix	Deterministic Network Enhancer
Safenet	Highassurance Remote Softremote Vpn Client

Configuration 1 [-]

AND

OR	cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:::::::*
	cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:::::::*

OR	cpe:2.3:a:bluecoat:winproxy::::::::
	cpe:2.3:a:cisco:vpn_client::::::::
	cpe:2.3:a:safenet:highassurance_remote::::::::
	cpe:2.3:a:safenet:softremote_vpn_client::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/30728
http://secunia.com/advisories/30744
http://secunia.com/advisories/30747
http://secunia.com/advisories/30753
http://securityreason.com/securityalert/4600
http://support.citrix.com/article/CTX117751
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
http://www.digit-labs.org/files/exploits/dne2000-call.c
http://www.kb.cert.org/vuls/id/858993
http://www.securityfocus.com/bid/29772
http://www.vupen.com/english/advisories/2008/1865
http://www.vupen.com/english/advisories/2008/1866
http://www.vupen.com/english/advisories/2008/1867
http://www.vupen.com/english/advisories/2008/1868
https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
https://www.exploit-db.com/exploits/5837

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-18T00:00:00

Updated: 2024-08-07T10:40:17.197Z

Reserved: 2008-11-17T00:00:00

Link: CVE-2008-5121

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-11-18T00:30:00.517

Modified: 2017-09-29T01:32:28.930

Link: CVE-2008-5121

Redhat

No data.

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object