Lucene search
+L
CiscoVpn Client

18 matches found

CVE
CVE
added 2002/08/14 4:0 a.m.74 views

CVE-2002-0852

Cisco VPN Client 3.5.4 and earlier is affected by CVE-2002-0852 due to buffer overflows in IKE processing. The vulnerability allows remote attackers to cause a denial of service by sending crafted IKE traffic, specifically (1) an IKE message with a large Security Parameter Index (SPI) payload and...

5CVSS6.7AI score0.01299EPSS
CVE
CVE
added 2007/03/16 9:0 p.m.70 views

CVE-2007-1467

The CVE-2007-1467 entry describes multiple cross-site scripting (XSS) vulnerabilities affecting Cisco Secure Access Control Server and related Cisco products. The root issue is insufficient input filtering in the search form used by PreSearch.html and PreSearch.class, allowing remote attackers to...

3.5CVSS5.7AI score0.01192EPSS
CVE
CVE
added 2009/12/01 12:0 a.m.64 views

CVE-2009-4118

Cisco VPN Client for Windows (cvpnd.exe) with the cvpnd service is affected in versions before 5.0.06.0100. The StartServiceCtrlDispatcher function fails to properly handle ERROR_FAILED_SERVICE_CONTROLLER_CONNECT, allowing a local attacker to cause a denial of service by manually starting cvpnd.e...

2.1CVSS6.2AI score0.02505EPSS
CVE
CVE
added 2006/05/31 10:0 a.m.62 views

CVE-2006-2679

Cisco VPN Client for Windows (GUI) on Windows, versions 4.8.00.* and earlier (except 4.7.00.0533), contains a local privilege escalation vulnerability tied to the dialog box privileges. The issue allows a local authenticated, interactive user to gain elevated privileges, potentially SYSTEM, via t...

7.2CVSS6.6AI score0.00368EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.58 views

CVE-2015-7600

Cisco VPN Client 5.x up to 5.0.07.0440 has insecure permissions on vpnclient.ini, enabling local privilege escalation by inserting an arbitrary program name in the Command field of the ApplicationLauncher section. This allows a local attacker to execute arbitrary code with elevated privileges on ...

7.2CVSS7AI score0.00537EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.57 views

CVE-2002-1108

Cisco VPN Client software 2.x.x and 3.x before 3.6(Rel) are affected when configured with all tunnel mode. The issue arises because the client can be forced into acknowledging a TCP packet from outside the tunnel, indicating a potential tunnel bypass/traffic handling anomaly. The connected docume...

5CVSS7AI score0.0118EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.48 views

CVE-2002-1447

The CVE-2002-1447 issue affects the UNIX VPN Client’s vpnclient executable. A buffer overflow is triggered by a long profile name in the connect argument, allowing local users to obtain administrative privileges. Affected product/version is VPN Client prior to 3.5.2. Remediation: upgrade to versi...

7.2CVSS6.8AI score0.01459EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.48 views

CVE-2007-4415

CVE-2007-4415 affects Cisco VPN Client on Windows before 5.0.01.0600 (and the 5.0.01.0600 InstallShield release). The root cause is insecure permissions on cvpnd.exe (Modify granted to Interactive Users), enabling local privilege escalation by replacing cvpnd.exe. Impact is local privilege escala...

6.8CVSS6.4AI score0.00316EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.46 views

CVE-2002-0853

CVE-2002-0853 affects Cisco VPN Client 3.5.4 and earlier. The vulnerability allows remote attackers to cause a denial of service (CPU consumption) by sending a packet with a zero-length payload. No root cause details or affected versions beyond the stated range are provided in the supplied docume...

5CVSS6.6AI score0.02155EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.46 views

CVE-2002-1105

CVE-2002-1105 affects Cisco VPN Client software 2.x.x and 3.x before 3.5.1C. A local user can use a utility program to obtain the group password, indicating a credential exposure/removal of password material on affected clients. The description does not specify a root cause beyond the existence o...

4.6CVSS6.6AI score0.00383EPSS
CVE
CVE
added 2011/07/07 7:0 p.m.46 views

CVE-2011-2678

The CVE-2011-2678 entry maps to Cisco VPN Client on 64-bit Windows, specifically versions 5.0.7.0240 and 5.0.7.0290. The root cause is insecure/weak permissions on cvpnd.exe (NT AUTHORITY\INTERACTIVE:F), which permits a local attacker to replace the executable with arbitrary code, enabling privil...

6.8CVSS6.7AI score0.0036EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.45 views

CVE-2007-4414

Cisco VPN Client on Windows before 4.8.02.0010 allows an unprivileged local user to escalate to LocalSystem by enabling Start Before Logon and Microsoft Dial-Up Networking, then interacting with the dial-up dialog. A fix is available in 4.8.02.0010 or later; apply the Cisco advisory (cisco-sa-200...

6.8CVSS6.5AI score0.00332EPSS
CVE
CVE
added 2012/09/16 10:0 a.m.45 views

CVE-2012-3052

The vulnerability CVE-2012-3052 affects Cisco VPN Client 5.x prior to 5.0.07.0440 and stems from untrusted DLL search path handling. An attacker with local access could place a Trojan DLL in the current working directory, which could be loaded and lead to privilege escalation. Publicly documented...

6.9CVSS6.7AI score0.0042EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.44 views

CVE-2002-1104

CVE-2002-1104 concerns Cisco VPN Client software (versions 2.x.x and 3.x prior to 3.0.5). The vulnerability allows remote attackers to trigger a denial of service (crash) by sending TCP packets with both source and destination ports equal to 137 (NETBIOS). The available description states the imp...

5CVSS7AI score0.01616EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.44 views

CVE-2002-1106

Cisco VPN Client software 2.x.x and 3.x prior to 3.5.1C is vulnerable because it does not properly verify that certificate DN fields match the VPN Concentrator certificate, enabling potential remote man-in-the-middle attacks. This is the explicit vulnerability described in CVE-2002-1106. The prov...

7.5CVSS7AI score0.00951EPSS
CVE
CVE
added 2013/01/17 9:0 p.m.44 views

CVE-2012-5429

CVE-2012-5429 affects the Cisco VPN Client on Windows, where the VPN driver’s improper interaction with the kernel allows a local attacker to trigger a denial of service (kernel fault and system crash) via a crafted application (Bug ID CSCuc81669). The issue is rooted in the VPN driver’s interfac...

4.6CVSS6.3AI score0.00312EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.43 views

CVE-2002-1107

Affected software: Cisco VPN Client (2.x.x and 3.x before 3.5.2B). Issue: inadequate randomness in generated numbers. Impact: may enable spoofing or related attacks as described in CVE-2002-1107. Status in provided documents: no explicit exploit details or remediation version are listed; no addit...

7.5CVSS6.9AI score0.0181EPSS
CVE
CVE
added 2008/01/17 2:0 a.m.41 views

CVE-2008-0324

CVE-2008-0324 affects the Cisco VPN Client for Windows, specifically the IPSec Driver CVPNDRVA.sys (v5.0.02.0090). The vulnerability allows a local attacker to crash the system (DoS) by issuing IOCTL 0x80002038 with a small size value, triggering memory corruption in the driver. The issue is desc...

4.9CVSS6.2AI score0.01173EPSS