Local Privilege Escalation Vulnerability in Cisco VPN Client for Windows
CVE-2007-4415

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 18 August 2007

Summary

The Cisco VPN Client for Windows prior to version 5.0.01.0600 includes weak permissions for the cvpnd.exe executable, granting Modify access to Interactive Users. This weakness can be exploited by local users, allowing them to elevate their privileges by modifying the cvpnd.exe file. It is crucial for users and administrators to ensure they implement proper access controls and update to the latest version to mitigate this risk.

References

http://www.securityfocus.com/archive/1/476812/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vp...

vendor-advisoryx_refsource_CISCO

http://www.vupen.com/english/advisories/2007/2903

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Aug 18, 2007
Vulnerability Reserved
Aug 18, 2007