CVE-2008-5121
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
18/11/2008
Last modified:
09/04/2025
Description
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:citrix:deterministic_network_enhancer:2.21.7.223:*:*:*:*:*:*:* | ||
| cpe:2.3:a:citrix:deterministic_network_enhancer:3.21.7.17464:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bluecoat:winproxy:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:safenet:highassurance_remote:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:safenet:softremote_vpn_client:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/30728
- http://secunia.com/advisories/30744
- http://secunia.com/advisories/30747
- http://secunia.com/advisories/30753
- http://securityreason.com/securityalert/4600
- http://support.citrix.com/article/CTX117751
- http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
- http://www.digit-labs.org/files/exploits/dne2000-call.c
- http://www.kb.cert.org/vuls/id/858993
- http://www.securityfocus.com/bid/29772
- http://www.vupen.com/english/advisories/2008/1865
- http://www.vupen.com/english/advisories/2008/1866
- http://www.vupen.com/english/advisories/2008/1867
- http://www.vupen.com/english/advisories/2008/1868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
- https://www.exploit-db.com/exploits/5837
- http://secunia.com/advisories/30728
- http://secunia.com/advisories/30744
- http://secunia.com/advisories/30747
- http://secunia.com/advisories/30753
- http://securityreason.com/securityalert/4600
- http://support.citrix.com/article/CTX117751
- http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860
- http://www.digit-labs.org/files/exploits/dne2000-call.c
- http://www.kb.cert.org/vuls/id/858993
- http://www.securityfocus.com/bid/29772
- http://www.vupen.com/english/advisories/2008/1865
- http://www.vupen.com/english/advisories/2008/1866
- http://www.vupen.com/english/advisories/2008/1867
- http://www.vupen.com/english/advisories/2008/1868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43153
- https://www.exploit-db.com/exploits/5837