Cisco VPN Client on Windows prior to 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco vpn client 5.0.01.0600 |
||
cisco vpn client |