Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1033750 | Third Party Advisory VDB Entry |
https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/ | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-10-06T17:00:00
Updated: 2016-12-06T18:57:01
Reserved: 2015-09-29T00:00:00
Link: CVE-2015-7600
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-10-06T17:59:27.057
Modified: 2017-01-05T14:04:59.133
Link: CVE-2015-7600
JSON object: View
Redhat Information
No data.
CWE