5 matches found
EUVD-2011-2660
Malware in sbrugna...
Cisco VPN Client cvpnd.exe Privilege Escalation
The Cisco VPN client installed on the remote host has a privilege escalation vulnerability. cvpnd.exe, which is executed by the Cisco VPN Service, has insecure permissions. A local attacker could replace this file with arbitrary code, which would later be executed by the Cisco VPN Service,...
Code injection
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions NT AUTHORITY\INTERACTIVE:F for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exist...
CVE-2011-2678
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions NT AUTHORITY\INTERACTIVE:F for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exist...
CVE-2007-4415
CVE-2007-4415 affects Cisco VPN Client on Windows before 5.0.01.0600 (and the 5.0.01.0600 InstallShield release). The root cause is insecure permissions on cvpnd.exe (Modify granted to Interactive Users), enabling local privilege escalation by replacing cvpnd.exe. Impact is local privilege escala...