Weak Permission Vulnerability in Cisco VPN Client Versions
CVE-2015-7600

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 6 October 2015

Summary

The Cisco VPN Client 5.x versions, specifically up to 5.0.07.0440, expose a significant security flaw due to improper permissions on the vpnclient.ini configuration file. This weakness allows local users to exploit the Command field in the ApplicationLauncher section, enabling them to execute arbitrary programs with elevated privileges. As a result, unauthorized users can potentially gain control over sensitive operations within the application, placing the integrity of the VPN connections at risk.

References

https://www.nettitude.co.uk/vulnerability-discovered-in-u...

x_refsource_MISC

http://www.securitytracker.com/id/1033750

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 6, 2015
Vulnerability Reserved
Sep 29, 2015