PT-2011-4022 · Cisco · Cisco Vpn Client

Gavin Jones

Publicado

2011-07-07

Atualizado

2018-10-09

CVE-2011-2678

CVSS v2.0

6.8

Média

Vetor

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco VPN Client version 5.0.7.0240 Cisco VPN Client version 5.0.7.0290

Description The issue is related to weak permissions for the cvpnd.exe file, which can be exploited by local users to gain privileges. This is achieved by replacing the cvpnd.exe file with an arbitrary program.

Recommendations For Cisco VPN Client version 5.0.7.0240, update the permissions of cvpnd.exe to prevent local users from replacing the executable. For Cisco VPN Client version 5.0.7.0290, update the permissions of cvpnd.exe to prevent local users from replacing the executable.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2011-2678

Produtos afetados

Cisco Vpn Client

PT-2011-4022 · Cisco · Cisco Vpn Client

CVE-2011-2678

Identificadores relacionados

Produtos afetados

Referências · 6