Vulnerabilities > CVE-2011-2678 - Local Security vulnerability in Cisco VPN Client 5.0.7.0240/5.0.7.0290

047910
CVSS 6.8 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
cisco
microsoft

Summary

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.

Vulnerable Configurations

Part Description Count
Application
Cisco
2
OS
Microsoft
1