18 matches found
CVE-2002-0852
Cisco VPN Client 3.5.4 and earlier is affected by CVE-2002-0852 due to buffer overflows in IKE processing. The vulnerability allows remote attackers to cause a denial of service by sending crafted IKE traffic, specifically (1) an IKE message with a large Security Parameter Index (SPI) payload and...
CVE-2007-1467
The CVE-2007-1467 entry describes multiple cross-site scripting (XSS) vulnerabilities affecting Cisco Secure Access Control Server and related Cisco products. The root issue is insufficient input filtering in the search form used by PreSearch.html and PreSearch.class, allowing remote attackers to...
CVE-2009-4118
Cisco VPN Client for Windows (cvpnd.exe) with the cvpnd service is affected in versions before 5.0.06.0100. The StartServiceCtrlDispatcher function fails to properly handle ERROR_FAILED_SERVICE_CONTROLLER_CONNECT, allowing a local attacker to cause a denial of service by manually starting cvpnd.e...
CVE-2006-2679
Cisco VPN Client for Windows (GUI) on Windows, versions 4.8.00.* and earlier (except 4.7.00.0533), contains a local privilege escalation vulnerability tied to the dialog box privileges. The issue allows a local authenticated, interactive user to gain elevated privileges, potentially SYSTEM, via t...
CVE-2015-7600
Cisco VPN Client 5.x up to 5.0.07.0440 has insecure permissions on vpnclient.ini, enabling local privilege escalation by inserting an arbitrary program name in the Command field of the ApplicationLauncher section. This allows a local attacker to execute arbitrary code with elevated privileges on ...
CVE-2002-1108
Cisco VPN Client software 2.x.x and 3.x before 3.6(Rel) are affected when configured with all tunnel mode. The issue arises because the client can be forced into acknowledging a TCP packet from outside the tunnel, indicating a potential tunnel bypass/traffic handling anomaly. The connected docume...
CVE-2002-1447
The CVE-2002-1447 issue affects the UNIX VPN Client’s vpnclient executable. A buffer overflow is triggered by a long profile name in the connect argument, allowing local users to obtain administrative privileges. Affected product/version is VPN Client prior to 3.5.2. Remediation: upgrade to versi...
CVE-2007-4415
CVE-2007-4415 affects Cisco VPN Client on Windows before 5.0.01.0600 (and the 5.0.01.0600 InstallShield release). The root cause is insecure permissions on cvpnd.exe (Modify granted to Interactive Users), enabling local privilege escalation by replacing cvpnd.exe. Impact is local privilege escala...
CVE-2002-0853
CVE-2002-0853 affects Cisco VPN Client 3.5.4 and earlier. The vulnerability allows remote attackers to cause a denial of service (CPU consumption) by sending a packet with a zero-length payload. No root cause details or affected versions beyond the stated range are provided in the supplied docume...
CVE-2002-1105
CVE-2002-1105 affects Cisco VPN Client software 2.x.x and 3.x before 3.5.1C. A local user can use a utility program to obtain the group password, indicating a credential exposure/removal of password material on affected clients. The description does not specify a root cause beyond the existence o...
CVE-2011-2678
The CVE-2011-2678 entry maps to Cisco VPN Client on 64-bit Windows, specifically versions 5.0.7.0240 and 5.0.7.0290. The root cause is insecure/weak permissions on cvpnd.exe (NT AUTHORITY\INTERACTIVE:F), which permits a local attacker to replace the executable with arbitrary code, enabling privil...
CVE-2007-4414
Cisco VPN Client on Windows before 4.8.02.0010 allows an unprivileged local user to escalate to LocalSystem by enabling Start Before Logon and Microsoft Dial-Up Networking, then interacting with the dial-up dialog. A fix is available in 4.8.02.0010 or later; apply the Cisco advisory (cisco-sa-200...
CVE-2012-3052
The vulnerability CVE-2012-3052 affects Cisco VPN Client 5.x prior to 5.0.07.0440 and stems from untrusted DLL search path handling. An attacker with local access could place a Trojan DLL in the current working directory, which could be loaded and lead to privilege escalation. Publicly documented...
CVE-2002-1104
CVE-2002-1104 concerns Cisco VPN Client software (versions 2.x.x and 3.x prior to 3.0.5). The vulnerability allows remote attackers to trigger a denial of service (crash) by sending TCP packets with both source and destination ports equal to 137 (NETBIOS). The available description states the imp...
CVE-2002-1106
Cisco VPN Client software 2.x.x and 3.x prior to 3.5.1C is vulnerable because it does not properly verify that certificate DN fields match the VPN Concentrator certificate, enabling potential remote man-in-the-middle attacks. This is the explicit vulnerability described in CVE-2002-1106. The prov...
CVE-2012-5429
CVE-2012-5429 affects the Cisco VPN Client on Windows, where the VPN driver’s improper interaction with the kernel allows a local attacker to trigger a denial of service (kernel fault and system crash) via a crafted application (Bug ID CSCuc81669). The issue is rooted in the VPN driver’s interfac...
CVE-2002-1107
Affected software: Cisco VPN Client (2.x.x and 3.x before 3.5.2B). Issue: inadequate randomness in generated numbers. Impact: may enable spoofing or related attacks as described in CVE-2002-1107. Status in provided documents: no explicit exploit details or remediation version are listed; no addit...
CVE-2008-0324
CVE-2008-0324 affects the Cisco VPN Client for Windows, specifically the IPSec Driver CVPNDRVA.sys (v5.0.02.0090). The vulnerability allows a local attacker to crash the system (DoS) by issuing IOCTL 0x80002038 with a small size value, triggering memory corruption in the driver. The issue is desc...