cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2015-7600,https://securityvulnerability.io/vulnerability/CVE-2015-7600,,"Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.",Cisco,Vpn Client,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-10-06T17:00:00.000Z,0
CVE-2012-5429,https://securityvulnerability.io/vulnerability/CVE-2012-5429,,"The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.",Cisco,Vpn Client,,,0.0009399999980814755,false,,false,false,false,,,false,false,,2013-01-17T21:55:00.000Z,0
CVE-2012-3052,https://securityvulnerability.io/vulnerability/CVE-2012-3052,,"Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.",Cisco,Vpn Client,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2012-09-16T10:34:00.000Z,0
CVE-2011-2678,https://securityvulnerability.io/vulnerability/CVE-2011-2678,,"The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.",Cisco,Vpn Client,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2011-07-07T19:00:00.000Z,0
CVE-2009-4118,https://securityvulnerability.io/vulnerability/CVE-2009-4118,,"The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.",Cisco,Vpn Client,,,0.0006099999882280827,false,,false,false,true,2018-04-02T23:19:47.000Z,true,false,false,,2009-12-01T00:30:00.000Z,0
CVE-2008-0324,https://securityvulnerability.io/vulnerability/CVE-2008-0324,,"Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.",Cisco,Vpn Client,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2008-01-17T02:00:00.000Z,0
CVE-2007-4415,https://securityvulnerability.io/vulnerability/CVE-2007-4415,,"Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.",Cisco,Vpn Client,,,0.0006000000284984708,false,,false,false,false,,,false,false,,2007-08-18T21:00:00.000Z,0
CVE-2007-4414,https://securityvulnerability.io/vulnerability/CVE-2007-4414,,"Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the ""Start Before Logon"" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.",Cisco,Vpn Client,,,0.0006000000284984708,false,,false,false,false,,,false,false,,2007-08-18T21:00:00.000Z,0
CVE-2007-1467,https://securityvulnerability.io/vulnerability/CVE-2007-1467,,"Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.",Cisco,"Unified Video Advantage,Unified Videoconferencing Manager,Vpn Client,Unified Personal Communicator,Wireless Lan Solution Engine,Ip Communicator,Unified Meetingplace,Ciscoworks,Wan Manager,Wireless Control System,Network Analysis Module,Security Device Manager,Acs Solution Engine,Unified Videoconferencing,Wireless Lan Controllers,Meetingplace,Call Manager,Unified Meetingplace Express",,,0.004230000078678131,false,,false,false,false,,,false,false,,2007-03-16T21:00:00.000Z,0
CVE-2006-2679,https://securityvulnerability.io/vulnerability/CVE-2006-2679,,"Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.",Cisco,Vpn Client,,,0.0006000000284984708,false,,false,false,false,,,false,false,,2006-05-31T10:00:00.000Z,0
CVE-2005-4499,https://securityvulnerability.io/vulnerability/CVE-2005-4499,,"The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.",Cisco,"Vpn 3001 Concentrator,Vpn 3015 Concentrator,Vpn 3020 Concentrator,Vpn 3030 Concentator,Vpn 3060 Concentrator,Vpn 3080 Concentrator,Adaptive Security Appliance Software,Vpn 3000 Concentrator Series Software,Vpn 3005 Concentrator Software,Pix Asa Ids,Pix Firewall,Secure Access Control Server,Vpn 3002 Hardware Client,Pix Firewall 501,Pix Firewall 506,Pix Firewall 515,Pix Firewall 515e,Pix Firewall 520,Pix Firewall 525,Pix Firewall 535,Pix Firewall Software",,,0.009530000388622284,false,,false,false,false,,,false,false,,2005-12-22T11:00:00.000Z,0
CVE-2005-0943,https://securityvulnerability.io/vulnerability/CVE-2005-0943,,Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.,Cisco,"Vpn 3015 Concentrator,Vpn 3020 Concentrator,Vpn 3030 Concentator,Vpn 3060 Concentrator,Vpn 3080 Concentrator,Vpn 3000 Concentrator Series Software,Vpn 3005 Concentrator Software,Vpn 3002 Hardware Client",,,0.003280000062659383,false,,false,false,false,,,false,false,,2005-03-30T05:00:00.000Z,0
CVE-2003-0260,https://securityvulnerability.io/vulnerability/CVE-2003-0260,,Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets.,Cisco,"Vpn 3015 Concentrator,Vpn 3030 Concentator,Vpn 3060 Concentrator,Vpn 3080 Concentrator,Vpn 3000 Concentrator Series Software,Vpn 3002 Hardware Client",,,0.009750000201165676,false,,false,false,false,,,false,false,,2003-05-27T04:00:00.000Z,0
CVE-2003-0258,https://securityvulnerability.io/vulnerability/CVE-2003-0258,,"Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication.",Cisco,"Vpn 3015 Concentrator,Vpn 3030 Concentator,Vpn 3060 Concentrator,Vpn 3080 Concentrator,Vpn 3000 Concentrator Series Software,Vpn 3005 Concentrator Software,Vpn 3002 Hardware Client",,,0.010099999606609344,false,,false,false,false,,,false,false,,2003-05-27T04:00:00.000Z,0
CVE-2003-0259,https://securityvulnerability.io/vulnerability/CVE-2003-0259,,Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.,Cisco,"Vpn 3015 Concentrator,Vpn 3030 Concentator,Vpn 3060 Concentrator,Vpn 3080 Concentrator,Vpn 3000 Concentrator Series Software,Vpn 3002 Hardware Client",,,0.009750000201165676,false,,false,false,false,,,false,false,,2003-05-27T04:00:00.000Z,0
CVE-2002-1492,https://securityvulnerability.io/vulnerability/CVE-2002-1492,,"Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.",Cisco,Vpn 5000 Client,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2003-04-02T05:00:00.000Z,0
CVE-2002-1491,https://securityvulnerability.io/vulnerability/CVE-2002-1491,,"The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving ""Default Connection"" settings, which could allow local users to gain privileges.",Cisco,Vpn 5000 Client,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2003-04-02T05:00:00.000Z,0
CVE-2002-1100,https://securityvulnerability.io/vulnerability/CVE-2002-1100,,"Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface.",Cisco,"Vpn 3000 Concentrator Series Software,Vpn 3002 Hardware Client",,,0.008670000359416008,false,,false,false,false,,,false,false,,2002-10-04T04:00:00.000Z,0
CVE-2002-1102,https://securityvulnerability.io/vulnerability/CVE-2002-1102,,"The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection.",Cisco,"Vpn 3000 Concentrator Series Software,Vpn 3002 Hardware Client",,,0.008229999803006649,false,,false,false,false,,,false,false,,2002-10-04T04:00:00.000Z,0
CVE-2002-1094,https://securityvulnerability.io/vulnerability/CVE-2002-1094,,"Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.",Cisco,"Vpn 3000 Concentrator Series Software,Vpn 3002 Hardware Client",,,0.006909999996423721,false,,false,false,false,,,false,false,,2002-10-04T04:00:00.000Z,0
CVE-2002-1104,https://securityvulnerability.io/vulnerability/CVE-2002-1104,,Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS).,Cisco,Vpn Client,,,0.008229999803006649,false,,false,false,false,,,false,false,,2002-10-04T04:00:00.000Z,0
CVE-2002-1098,https://securityvulnerability.io/vulnerability/CVE-2002-1098,,"Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an ""HTTPS on Public Inbound (XML-Auto)(forward/in)"" rule but sets the protocol to ""ANY"" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.",Cisco,"Vpn 3000 Concentrator Series Software,Vpn 3002 Hardware Client",,,0.004279999993741512,false,,false,false,false,,,false,false,,2002-10-04T04:00:00.000Z,0
CVE-2002-1099,https://securityvulnerability.io/vulnerability/CVE-2002-1099,,"Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.",Cisco,"Vpn 3000 Concentrator Series Software,Vpn 3002 Hardware Client",,,0.004009999800473452,false,,false,false,false,,,false,false,,2002-10-04T04:00:00.000Z,0
CVE-2002-1106,https://securityvulnerability.io/vulnerability/CVE-2002-1106,,"Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.",Cisco,Vpn Client,,,0.003599999938160181,false,,false,false,false,,,false,false,,2002-10-04T04:00:00.000Z,0
CVE-2002-1107,https://securityvulnerability.io/vulnerability/CVE-2002-1107,,"Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.",Cisco,Vpn Client,,,0.004279999993741512,false,,false,false,false,,,false,false,,2002-10-04T04:00:00.000Z,0