CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | vpn_client | * | cpe:2.3:a:cisco:vpn_client:*:*:windows:*:*:*:*:* |
cisco | vpn_client | 5.0.01.0600 | cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:* |
secunia.com/advisories/26459
securityreason.com/securityalert/3023
securitytracker.com/id?1018573
www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml
www.securityfocus.com/archive/1/476812/100/0/threaded
www.securityfocus.com/bid/25332
www.vupen.com/english/advisories/2007/2903
exchange.xforce.ibmcloud.com/vulnerabilities/36032