Cisco · Cisco Vpn Client · CVE-2011-2678
**Name of the Vulnerable Software and Affected Versions**
Cisco VPN Client version 5.0.7.0240
Cisco VPN Client version 5.0.7.0290
**Description**
The issue is related to weak permissions for the cvpnd.exe file, which can be exploited by local users to gain privileges. This is achieved by replacing the cvpnd.exe file with an arbitrary program.
**Recommendations**
For Cisco VPN Client version 5.0.7.0240, update the permissions of cvpnd.exe to prevent local users from replacing the executable.
For Cisco VPN Client version 5.0.7.0290, update the permissions of cvpnd.exe to prevent local users from replacing the executable.