CVE-2015-7600

CWE-2645 documents5 sources
Severity
7.2HIGH
EPSS
0.1%
top 79.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco VPN Client
Timeline
PublishedOct 6
Latest updateMay 17

Description

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDcisco/vpn_client20 versions+19

🔴Vulnerability Details

3
GHSA
GHSA-x8rh-5gwj-qvc6: Cisco VPN Client 52022-05-17
OSV
drupal7 vulnerabilities2021-03-15
CVEList
CVE-2015-7600: Cisco VPN Client 52015-10-06
CVE-2015-7600 (HIGH CVSS 7.2) | Cisco VPN Client 5.x through 5.0.07 | cvebase.io