Cisco VPN Client 5.x <= 5.0.07.0440 vpnclient.ini Privilege Escalation

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The VPN client installed on the remote Windows host is affected by a
local privilege escalation vulnerability.

Description :

The version of the Cisco VPN client installed on the remote host
is 5.x prior to or equal to 5.0.07.0440. It is, therefore, affected by a
flaw due to insecure permissions on the vpnclient.ini file. A local
attacker can exploit this, by inserting an arbitrary program name in
the Command field of the ApplicationLauncher section of that file, to
execute arbitrary code with elevated privileges.
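
A host-side audit for the two conditions described above, as an added example (not the plugin's or the vendor's code): it reports which non-administrative principals can modify the file and any Command value set under ApplicationLauncher. The function name Test-VpnClientIni, the trusted-SID list and the sample file are assumptions; supply the real location of vpnclient.ini, which this page does not give.

```powershell
function Test-VpnClientIni {
    param([Parameter(Mandatory)][string]$IniPath)
    # Rights that allow changing the file's content or its ACL, plus the
    # unmapped GENERIC_ALL / GENERIC_WRITE bits that some ACEs still carry.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000
    # Assumed allow-list (well-known SIDs): SYSTEM, Administrators, TrustedInstaller.
    $trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    $acl = Get-Acl -LiteralPath $IniPath
    $weakAces = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }   # unresolvable account: compare as-is
        if ($trusted -notcontains $sid) {
            [pscustomobject]@{ Principal = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
    # Walk the INI and collect Command= values inside [ApplicationLauncher].
    $section = ''
    $commands = foreach ($line in Get-Content -LiteralPath $IniPath) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -ieq 'ApplicationLauncher' -and $t -match '^Command\s*=\s*(.*)$') { $Matches[1] }
    }
    [pscustomobject]@{
        Path             = $IniPath
        Owner            = $acl.Owner
        WritableBy       = @($weakAces)
        LauncherCommands = @($commands)
        NeedsReview      = (@($weakAces).Count -gt 0) -or (@($commands | Where-Object { $_ }).Count -gt 0)
    }
}
# Constructed sample so the function can be tried without the client installed.
$sample = Join-Path $env:TEMP 'vpnclient-sample.ini'
Set-Content -LiteralPath $sample -Value '[main]', '; constructed sample', '[ApplicationLauncher]', 'Command=C:\constructed\example.exe'
Test-VpnClientIni -IniPath $sample | Format-List
```

The sample file lives in the user's temp directory, so the current user appears under WritableBy; on an affected host the same field lists whichever unprivileged principals can rewrite vpnclient.ini.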

See also :

http://www.nessus.org/u?0acd9d8e

Solution :

This software is no longer supported. Contact the vendor for options.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 93479

Bugtraq ID:

CVE ID: CVE-2015-7600
