Privilege Escalation in Cisco VPN Client for Windows
CVE-2011-2678

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 7 July 2011

Summary

The Cisco VPN Client versions 5.0.7.0240 and 5.0.7.0290 for 64-bit Windows systems suffer from a vulnerability related to improper file permissions. Specifically, the executable file 'cvpnd.exe' is set with weak permissions that allow local users to replace it with arbitrary programs, effectively enabling them to gain elevated privileges. This issue arises from a regression related to a previously addressed vulnerability and poses a significant risk if exploited.

References

http://www.securityfocus.com/archive/1/518638/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://isc.sans.edu/diary.html?storyid=11125

x_refsource_MISC

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vp...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jul 7, 2011
Vulnerability Reserved
Jul 7, 2011