CVE-2007-4415

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 18 August 2007

Summary

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

References

http://www.securityfocus.com/archive/1/476812/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vp...

vendor-advisoryx_refsource_CISCO

http://www.vupen.com/english/advisories/2007/2903

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Aug 18, 2007
Vulnerability Reserved
Aug 18, 2007