CVE-2011-2678

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:vpn_client:5.0.7.0240:*:*:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:5.0.7.0290:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-07-07 19:55

Updated : 2024-02-04 17:54


NVD link : CVE-2011-2678

Mitre link : CVE-2011-2678

CVE.ORG link : CVE-2011-2678


JSON object : View

Products Affected

microsoft

  • windows

cisco

  • vpn_client