Local Privilege Escalation Issue in Cisco VPN Client on Windows
CVE-2007-4414

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 18 August 2007

Summary

The Cisco VPN Client for Windows, prior to version 4.8.02.0010, exposes a vulnerability that permits local users to escalate their privileges. This is achieved by leveraging the 'Start Before Logon' (SBL) feature alongside the Microsoft Dial-Up Networking options. Users can manipulate the dial-up networking interface to gain unauthorized access, potentially compromising the system's integrity and security.

References

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vp...

vendor-advisoryx_refsource_CISCO

http://www.vupen.com/english/advisories/2007/2903

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/26459

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Aug 18, 2007
Vulnerability Reserved
Aug 18, 2007