CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2015-7600
https://notcve.org/view.php?id=CVE-2015-7600
06 Oct 2015 — Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. Cisco VPN Client 5.x hasta la versión 5.0.07.0440 utiliza permisos débiles para vpnclient.ini, lo que permite a usuarios locales obtener privilegios mediante la entrada de un nombre de programa arbitrario en el campo Command de la sección ApplicationLauncher. • http://www.securitytracker.com/id/1033750 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5429
https://notcve.org/view.php?id=CVE-2012-5429
17 Jan 2013 — The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. El controlador de VPN en Cisco VPN Client en Windows no trata interactua correctamente con el núcleo, lo que permite a usuarios locales provocar una denegación de servicio (fallo del núcleo y caída del sistema) a través de una aplicación hecha a mano. Se trata de un problema también co... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5429 •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2012-3052
https://notcve.org/view.php?id=CVE-2012-3052
16 Sep 2012 — Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. Vulnerabilidad de path de búsqueda no confiable en Cisco VPN Client v5.0 permite a usuarios locales obtener privilegios a través de un fichero .dll troyanizado en el directorio de trabajo actual también conocido como Bug ID CSCua28747. • http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2678
https://notcve.org/view.php?id=CVE-2011-2678
07 Jul 2011 — The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression. El cliente VPN de Cisco v5.0.7.0240 y v5.0.7.0290 en plataformas de 64 bits de Windows utiliza permisos débiles (NT AUTHORITY\ INTERACTIVE:F) para cvpnd.exe, lo que permite... • http://isc.sans.edu/diary.html?storyid=11125 •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 4CVE-2009-4118 – Cisco VPN Client - Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2009-4118
01 Dec 2009 — The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. La función StartServiceCtrlDispatcher en el servicio cvpnd (cvpnd.exe) del cliente Cisco VPN para Windows versiones anteriores a 5.0.06.0100 no maneja ... • https://www.exploit-db.com/exploits/10190 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2008-5121 – Deterministic Network Enhancer - 'dne2000.sys' Kernel Ring0 SYSTEM
https://notcve.org/view.php?id=CVE-2008-5121
18 Nov 2008 — dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. dne2000.sys en Citrix Deterministic Network Enhancer (DNE) desde la version 2.21.7.233 a la 3.21.7.17464, tal y como se usa en (1) Cisco VPN Client, (2) Blue Coat WinProxy, y (3) SafeNet Soft... • https://www.exploit-db.com/exploits/5837 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0324 – Cisco VPN Client - IPSec Driver Local kernel system pool Corruption (PoC)
https://notcve.org/view.php?id=CVE-2008-0324
17 Jan 2008 — Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 permite a usuarios locales provocar una denegación de servicio (caída) llamando as IOCTL 0x80002038 con valor de tamaño pequeño, lo cual provoca una corrupción de memoria. • https://www.exploit-db.com/exploits/4911 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4414
https://notcve.org/view.php?id=CVE-2007-4414
18 Aug 2007 — Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box. Cisco VPN Client sobre Windows anterior a 4.8.02.0010 permite a usuarios locales obtener privilegios habilitando las opciones "Iniciar Antes del Inicio de Sesión" (Start Before Logon o SBL) y Conexión de Acceso Telefónico Remoto de Microsoft (Microsoft Dial-Up Networking), y despu... • http://secunia.com/advisories/26459 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4415
https://notcve.org/view.php?id=CVE-2007-4415
18 Aug 2007 — Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. Cisco VPN Client sobre Windows anterior a 5.0.01.0600, y la versión 5.0.01.0600 InstallShield (IS), utiliza permisos débiles para cvpnd.exe (modificando los privilegios en Interactive Users), lo cual permite a usuarios locales ganar privilegios a través de un cvpnd.exe m... • http://secunia.com/advisories/26459 •
CVSS: 6.1EPSS: 0%CPEs: 40EXPL: 0CVE-2007-1467
https://notcve.org/view.php?id=CVE-2007-1467
16 Mar 2007 — Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engin... • http://secunia.com/advisories/24499 •