Lucene search

[email protected]CVE-2007-4415

HistoryAug 18, 2007 - 9:17 p.m.

CVE-2007-4415

2007-08-1821:17:00

[email protected]

web.nvd.nist.gov

cisco

vpn

client

vulnerability

cve-2007-4415

nvd

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

Affected configurations

NVD

Node

ciscovpn_clientRange≤5.0.01windows

ciscovpn_clientMatch5.0.01.0600

CPENameOperatorVersion
cisco:vpn_clientcisco vpn clientle5.0.01
cisco:vpn_clientcisco vpn clienteq5.0.01.0600

CPE	Name	Operator	Version
cisco:vpn_client	cisco vpn client	le	5.0.01
cisco:vpn_client	cisco vpn client	eq	5.0.01.0600

References

secunia.com/advisories/26459

securityreason.com/securityalert/3023

securitytracker.com/id?1018573

www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml

www.securityfocus.com/archive/1/476812/100/0/threaded

www.securityfocus.com/bid/25332

www.vupen.com/english/advisories/2007/2903

exchange.xforce.ibmcloud.com/vulnerabilities/36032

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-4415

cvelist2 prion2 nessus1 nvd2 cve1 cisco1