6.4 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.2%
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
CPE | Name | Operator | Version |
---|---|---|---|
cisco:vpn_client | cisco vpn client | le | 5.0.01 |
cisco:vpn_client | cisco vpn client | eq | 5.0.01.0600 |
secunia.com/advisories/26459
securityreason.com/securityalert/3023
securitytracker.com/id?1018573
www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml
www.securityfocus.com/archive/1/476812/100/0/threaded
www.securityfocus.com/bid/25332
www.vupen.com/english/advisories/2007/2903
exchange.xforce.ibmcloud.com/vulnerabilities/36032