Cisco VPN Client Dialer Local Privilege Escalation

This script is Copyright (C) 2007-2013 Ferdy Riphagen


Synopsis :

The remote Windows host contains an application that is affected by a
privilege escalation vulnerability.

Description :

The installed Cisco VPN Client version is prone to a privilege
escalation attack. By using the 'Start before logon' feature in the
VPN client dialer, a local attacker may escalate privileges and execute
arbitrary commands with SYSTEM privileges.

See also :

http://www.nessus.org/u?bc07e815

Solution :

Upgrade to version 4.8.01.0300 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 25550 (cisco_vpn_client_priv_escalation.nasl)

Bugtraq ID: 18094

CVE ID: CVE-2006-2679
