CVE-2007-4415

CWE-2644 documents4 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 85.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco VPN Client
Timeline
PublishedAug 18
Latest updateMay 1

Description

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

NVDcisco/vpn_client5.0.01+1

Patches

Patch: secunia.comPatch: securitytracker.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-m3q9-2vwv-jcgp: Cisco VPN Client on Windows before 52022-05-01
CVEList
CVE-2007-4415: Cisco VPN Client on Windows before 52007-08-18

📋Vendor Advisories

1
Cisco
Local Privilege Escalation Vulnerabilities in Cisco VPN Client2007-08-15
CVE-2007-4415 (MEDIUM CVSS 6.8) | Cisco VPN Client on Windows before | cvebase.io