Nortel · Nortel Contivity Vpn Client · CVE-2005-2579
**Name of the Vulnerable Software and Affected Versions**
Nortel Contivity VPN Client version V05 01.030
**Description**
The issue arises when configuring a certificate for authentication, where the system fails to properly drop privileges. This allows local users to elevate their privileges by exploiting the File Open dialog box in a program.
**Recommendations**
For Nortel Contivity VPN Client version V05 01.030, consider restricting access to the certificate configuration feature until a proper fix is applied to ensure the system correctly handles privileges. As a temporary workaround, avoid using the File Open dialog box for certificate configuration to minimize the risk of exploitation.