CVE-2012-3052

Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
ciscovpn_client
5.0
ciscovpn_client
5.0.01
ciscovpn_client
5.0.01.0600
ciscovpn_client
5.0.2
ciscovpn_client
5.0.02.0090
ciscovpn_client
5.0.2.0090
ciscovpn_client
5.0.03.0530
ciscovpn_client
5.0.03.0560
ciscovpn_client
5.0.04.0300
ciscovpn_client
5.0.5
ciscovpn_client
5.0.05.0290
ciscovpn_client
5.0.6
ciscovpn_client
5.0.06.0160
ciscovpn_client
5.0.7
ciscovpn_client
5.0.07.0290
ciscovpn_client
5.0.07.0410
ciscovpn_client
5.0.07.0440
𝑥
= Vulnerable software versions
References
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html