The remote Debian host is missing a security-related update.
Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with privileges to modify a system connection to execute arbitrary commands as root.
Upgrade the network-manager-vpnc packages. For the stable distribution (stretch), this problem has been fixed in version 1.2.4-4+deb9u1.