CVE-2007-4415

high

Description

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36032

http://www.vupen.com/english/advisories/2007/2903

http://www.securityfocus.com/bid/25332

http://www.securityfocus.com/archive/1/476812/100/0/threaded

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml

http://securitytracker.com/id?1018573

http://securityreason.com/securityalert/3023

http://secunia.com/advisories/26459

Details

Source: Mitre, NVD

Published: 2007-08-18

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00047

Detections

Analytics