CVE-2011-2678

3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 80.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco VPN Client
Timeline
PublishedJul 7
Latest updateMay 14

Description

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

NVDcisco/vpn_client5.0.7.0240, 5.0.7.0290+1

🔴Vulnerability Details

2
GHSA
GHSA-xw82-gwhg-j9gf: The Cisco VPN Client 52022-05-14
CVEList
CVE-2011-2678: The Cisco VPN Client 52011-07-07
CVE-2011-2678 (MEDIUM CVSS 6.8) | The Cisco VPN Client 5.0.7.0240 and | cvebase.io