Cisco VPN Client 5.x <= vpnclient.ini Privilege Escalation

High Nessus Plugin ID 93479


The VPN client installed on the remote Windows host is affected by a local privilege escalation vulnerability.


The version of the Cisco VPN client installed on the remote host is 5.x prior or equal to It is, therefore, affected by a flaw due to insecure permissions on the vpnclient.ini file. A local attacker can exploit this by inserting an arbitrary program name in the Command field of the ApplicationLauncher section of that file, and thereby execute arbitrary code with elevated privileges.


This software is no longer supported. Contact the vendor for options.

Plugin Details

Severity: High

ID: 93479

File Name: cisco_vpn_client_CVE-2015-7600.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2016/09/14

Modified: 2016/11/17

Dependencies: 25549

Risk Information

Risk Factor: High


CVSS v2.0

Base Score: 7.2

Temporal Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND


CVSS v3.0

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:cisco:vpn_client

Required KB Items: SMB/CiscoVPNClient/Version

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2015/10/01

Reference Information

CVE: CVE-2015-7600

OSVDB: 128536