Cisco VPN Client 5.x <= 5.0.07.0440 vpnclient.ini Privilege Escalation
High Nessus Plugin ID 93479
SynopsisThe VPN client installed on the remote Windows host is affected by a local privilege escalation vulnerability.
DescriptionThe version of the Cisco VPN client installed on the remote host is 5.x prior or equal to 5.0.07.0440. It is, therefore, affected by a flaw due to insecure permissions for file vpnclient.ini. A local attacker can exploit this, by inserting an arbitrary program name in the Command field of the ApplicationLauncher section of that file, to execute arbitrary code with elevated privileges.
SolutionThis software is no longer supported. Contact the vendor for options.