Local User Privilege Escalation in Cisco VPN Client
CVE-2012-3052

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 16 September 2012

Summary

The untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to exploit the system's DLL search order, enabling them to execute malicious DLL files stored in the current working directory. This can lead to unauthorized privilege escalation, potentially compromising system integrity. Systems running this version of Cisco's VPN Client are at risk if they allow untrusted users access, making it crucial for organizations to apply security measures and updates to mitigate these risks.

References

http://www.cisco.com/en/US/docs/security/vpn_client/anyco...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 16, 2012