Vulnerability Details : CVE-2007-4415
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
Products affected by CVE-2007-4415
- cpe:2.3:a:cisco:vpn_client:*:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:5.0.01.0600:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4415
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4415
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:L/AC:L/Au:S/C:C/I:C/A:C |
3.1
|
10.0
|
NIST |
References for CVE-2007-4415
-
http://www.securityfocus.com/archive/1/476812/100/0/threaded
-
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml
Local Privilege Escalation Vulnerabilities in Cisco VPN ClientPatch
-
http://www.securityfocus.com/bid/25332
Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36032
-
http://securitytracker.com/id?1018573
Patch
-
http://www.vupen.com/english/advisories/2007/2903
-
http://securityreason.com/securityalert/3023
Jump to