Cisco VPN Client on Windows Dial-up Networking Dialog Local Privilege Escalation
Severity: Medium
Nessus Plugin ID: 25906

Synopsis
The remote Windows host has a program that is prone to a local privilege escalation attack.

Description
The version of the Cisco VPN client installed on the remote host reportedly allows an unprivileged local user to elevate his privileges to the LocalSystem account by enabling the 'Start Before Login' feature and configuring a VPN profile to use Microsoft's Dial-Up Networking interface.

Solution
Upgrade to Cisco VPN Client version 4.8.02.0010 or later.