Privilege Escalation in Cisco VPN Client for Windows
CVE-2011-2678

Currently unrated

Key Information:

Vendor

Cisco
Status
Vpn Client
Vendor
CVE Published:
7 July 2011

What is CVE-2011-2678?

The Cisco VPN Client versions 5.0.7.0240 and 5.0.7.0290 for 64-bit Windows systems suffer from a vulnerability related to improper file permissions. Specifically, the executable file 'cvpnd.exe' is set with weak permissions that allow local users to replace it with arbitrary programs, effectively enabling them to gain elevated privileges. This issue arises from a regression related to a previously addressed vulnerability and poses a significant risk if exploited.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/518638/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://isc.sans.edu/diary.html?storyid=11125
x_refsource_MISC
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vp...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.