Cisco VPN Client cvpnd.exe Privilege Escalation

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The VPN client installed on the remote Windows host has a privilege
escalation vulnerability.

Description :

The Cisco VPN client installed on the remote host has a privilege
escalation vulnerability. cvpnd.exe, which is executed by the Cisco
VPN Service, has insecure permissions. A local attacker could replace
this file with arbitrary code, which would later be executed by the
Cisco VPN Service, resulting in an elevation of privileges.

The following versions are vulnerable :

- 32-bit versions prior to 5.0.01.0600
- 64-bit version 5.0.7.0240
- 64-bit version 5.0.7.0290

See also :

http://www.nessus.org/u?132892db

Solution :

Upgrade to Cisco VPN Client 32-bit version 5.0.01.0600 / 64-bit
version 5.0.07.0440 or later. Cisco notes that the 32-bit MSI package
contains the fix for this vulnerability, while the IS package does
not.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 55568 ()

Bugtraq ID: 25332

CVE ID: CVE-2007-4415

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now