PT-2011-4022 · Cisco · Cisco Vpn Client

Gavin Jones

Published

2011-07-07

Updated

2018-10-09

CVE-2011-2678

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco VPN Client version 5.0.7.0240 Cisco VPN Client version 5.0.7.0290

Description The issue is related to weak permissions for the cvpnd.exe file, which can be exploited by local users to gain privileges. This is achieved by replacing the cvpnd.exe file with an arbitrary program.

Recommendations For Cisco VPN Client version 5.0.7.0240, update the permissions of cvpnd.exe to prevent local users from replacing the executable. For Cisco VPN Client version 5.0.7.0290, update the permissions of cvpnd.exe to prevent local users from replacing the executable.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2011-2678

Affected Products

Cisco Vpn Client

PT-2011-4022 · Cisco · Cisco Vpn Client

CVE-2011-2678

Related Identifiers

Affected Products

References · 6