CVE-2007-4414

CWE-2644 documents4 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 80.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco VPN Client

Timeline

PublishedAug 18

Latest updateMay 1

Description

Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/vpn_client4.8.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-gm7r-3hg9-9wc5: Cisco VPN Client on Windows before 4↗2022-05-01

▶

CVEList

CVE-2007-4414: Cisco VPN Client on Windows before 4↗2007-08-18

▶

📋Vendor Advisories

Cisco

Local Privilege Escalation Vulnerabilities in Cisco VPN Client↗2007-08-15

▶