Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4415

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-4415
Last Modified 07 Mar 2011 09:58:31
Published 18 Aug 2007 05:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-4415

Summary

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

Vulnerable Systems

Application

  • Cisco Vpn Client 5.0.01

  • Cisco Vpn Client 5.0.01.0600


References

BID - 25332

CISCO - 20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client

SECTRACK - 1018573

SECUNIA - 26459

VUPEN - ADV-2007-2903

BUGTRAQ - 20070816 Local privilege escalation vulnerability in Cisco VPN client

XF - cisco-vpn-cvpnd-privilege-escalation(36032)

SREASON - 3023


Last Updated: 27 May 2016 10:45:51