Cisco VPN Client cvpnd.exe Privilege Escalation

medium Nessus Plugin ID 55568

Synopsis

The VPN client installed on the remote Windows host has a privilege escalation vulnerability.

Description

The Cisco VPN client installed on the remote host has a privilege escalation vulnerability. cvpnd.exe, which is executed by the Cisco VPN Service, has insecure permissions. A local attacker could replace this file with arbitrary code, which would later be executed by the Cisco VPN Service, resulting in an elevation of privileges.

The following versions are vulnerable:

- 32-bit versions prior to 5.0.01.0600
- 64-bit version 5.0.7.0240
- 64-bit version 5.0.7.0290

Solution

Upgrade to Cisco VPN Client 32-bit version 5.0.01.0600 / 64-bit version 5.0.07.0440 or later. Cisco notes that the 32-bit MSI package contains the fix for this vulnerability, while the IS package does not.

See Also

http://www.nessus.org/u?b6a63244

Plugin Details

Severity: Medium

ID: 55568

File Name: cisco_vpn_client_sa-20070815.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 7/12/2011

Updated: 9/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:vpn_client

Required KB Items: SMB/transport, SMB/CiscoVPNClient/Version, SMB/CiscoVPNClient/Path

Exploit Ease: No known exploits are available

Patch Publication Date: 8/15/2007

Vulnerability Publication Date: 8/15/2007

Reference Information

CVE: CVE-2007-4415

BID: 25332