Cisco VPN Client 5.x < 5.0.07.0440 Untrusted Search Path DLL Privilege Escalation
Medium
Nessus Plugin ID 93478
Synopsis
The VPN client installed on the remote Windows host is affected by a local privilege escalation vulnerability.

Description
The version of the Cisco VPN client installed on the remote host is 5.x prior to 5.0.07.0440. It is, therefore, affected by a flaw related to loading dynamic link library (DLL) files due to searching fixed paths that may not be trusted or under user control. A local attacker can exploit this, via a trojan DLL injected into the search path, to execute arbitrary code with elevated privileges.

Solution
This software is no longer supported. Contact the vendor for options.