Detections
Analytics

CVE-2008-5121

high

Description

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

References

https://www.exploit-db.com/exploits/5837

https://exchange.xforce.ibmcloud.com/vulnerabilities/43153

http://www.vupen.com/english/advisories/2008/1868

http://www.vupen.com/english/advisories/2008/1867

http://www.vupen.com/english/advisories/2008/1866

http://www.vupen.com/english/advisories/2008/1865

http://www.securityfocus.com/bid/29772

http://www.kb.cert.org/vuls/id/858993

http://www.digit-labs.org/files/exploits/dne2000-call.c

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860

http://support.citrix.com/article/CTX117751

http://securityreason.com/securityalert/4600

http://secunia.com/advisories/30753

http://secunia.com/advisories/30747

http://secunia.com/advisories/30744

http://secunia.com/advisories/30728

Details

Source: Mitre, NVD

Published: 2008-11-18

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High