Vulnerabilities > CVE-2005-2579 - Local Security vulnerability in Nortel Contivity V0501.030

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
nortel

Summary

Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. Patch released by vendor.

Vulnerable Configurations

Part Description Count
Hardware
Nortel
1