Lucene search
HistoryOct 06, 2015 - 5:59 p.m.
CVE-2015-7600
cisco
vpn
client
weak permissions
vulnerability
privilege escalation
cve-2015-7600
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
Affected configurations
Node
ciscovpn_clientMatch5.0
ORciscovpn_clientMatch5.0.01
ORciscovpn_clientMatch5.0.01.0600
ORciscovpn_clientMatch5.0.2
ORciscovpn_clientMatch5.0.02.0090
ORciscovpn_clientMatch5.0.2.0090
ORciscovpn_clientMatch5.0.03.0530
ORciscovpn_clientMatch5.0.03.0560
ORciscovpn_clientMatch5.0.04.0300
ORciscovpn_clientMatch5.0.5
ORciscovpn_clientMatch5.0.05.0290
ORciscovpn_clientMatch5.0.6
ORciscovpn_clientMatch5.0.06.0160
ORciscovpn_clientMatch5.0.7
ORciscovpn_clientMatch5.0.7.0240
ORciscovpn_clientMatch5.0.7.0290
ORciscovpn_clientMatch5.0.07.0290
ORciscovpn_clientMatch5.0.07.0410
ORciscovpn_clientMatch5.0.07.0440
ORciscovpn_clientMatch5.0.7.0440
Related
nessus
nessus
Cisco VPN Client 5.x <= 5.0.07.0440 vpnclient.ini Privilege Escalation
2016-09-14 00:00:00
prion
prion
Design/Logic Flaw
2015-10-06 17:59:00
nvd
nvd
CVE-2015-7600
2015-10-06 17:59:27
cvelist
cvelist
CVE-2015-7600
2015-10-06 17:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2015-7600