CVE-2008-5121

EPSS 1.1%

dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.

Affected products

n/a · n/a

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/5837unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/30728 http://secunia.com/advisories/30744 http://secunia.com/advisories/30747 http://secunia.com/advisories/30753 http://securityreason.com/securityalert/4600 https://exchange.xforce.ibmcloud.com/vulnerabilities/43153 http://support.citrix.com/article/CTX117751 https://www.exploit-db.com/exploits/5837 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm25860 http://www.digit-labs.org/files/exploits/dne2000-call.c http://www.kb.cert.org/vuls/id/858993 http://www.securityfocus.com/bid/29772