CVE-2007-4415

Severity

68%

Complexity

31%

Confidentiality

165%

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C).

Overview

First reported 17 years ago

2007-08-18 21:17:00

Last updated 6 years ago

2018-10-15 21:35:00

Affected Software

Cisco VPN Client 5.0.01.0600

5.0.01.0600

References

26459

Patch, Vendor Advisory

3023

1018573

Patch

20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client

Patch

20070816 Local privilege escalation vulnerability in Cisco VPN client

25332

Patch

ADV-2007-2903

cisco-vpn-cvpnd-privilege-escalation(36032)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.