Cisco VPN Client cvpnd.exe Privilege Escalation

Medium Nessus Plugin ID 55568


The VPN client installed on the remote Windows host has a privilege escalation vulnerability.


The Cisco VPN client installed on the remote host has a privilege escalation vulnerability. cvpnd.exe, which is executed by the Cisco VPN Service, has insecure permissions. A local attacker could replace this file with arbitrary code, which would later be executed by the Cisco VPN Service, resulting in an elevation of privileges.

The following versions are vulnerable :

- 32-bit versions prior to
- 64-bit version
- 64-bit version


Upgrade to Cisco VPN Client 32-bit version / 64-bit version or later. Cisco notes that the 32-bit MSI package contains the fix for this vulnerability, while the IS package does not.

See Also

Plugin Details

Severity: Medium

ID: 55568

File Name: cisco_vpn_client_sa-20070815.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2011/07/12

Modified: 2016/05/04

Dependencies: 25549

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:vpn_client

Required KB Items: SMB/CiscoVPNClient/Version, SMB/CiscoVPNClient/Path, SMB/transport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/08/15

Vulnerability Publication Date: 2007/08/15

Reference Information

CVE: CVE-2007-4415

BID: 25332

OSVDB: 40872

CISCO-BUG-ID: CSCsj00785, CSCtn50645

IAVA: 2009-A-0106

CISCO-SA: cisco-sa-20070815-vpnclient