CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6145
https://notcve.org/view.php?id=CVE-2019-6145
20 Sep 2019 — Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. Forcepoint VPN Client para Windows versiones anteriores a 6.6.1, presenta una vulnerabilidad de ruta de búsqueda sin comillas. • https://help.forcepoint.com/security/CVE/CVE-2019-6145.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-6724
https://notcve.org/view.php?id=CVE-2019-6724
18 Mar 2019 — The barracudavpn component of the Barracuda VPN Client prior to version 5.0.2.7 for Linux, macOS, and OpenBSD runs as a privileged process and can allow an unprivileged local attacker to load a malicious library, resulting in arbitrary code executing as root. El componente barracudavpn de Barracuda VPN Client, en versiones anteriores a la 5.0.2.7 para Linux, macOS y OpenBSD, se ejecuta como proceso privilegiado y puede permitir que un atacante local sin privilegios cargue una librería maliciosa, lo que resu... • http://campus.barracuda.com/product/networkaccessclient/doc/78154147/release-notes-barracuda-vpn-client-for-macos • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 4CVE-2009-4118 – Cisco VPN Client - Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2009-4118
01 Dec 2009 — The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. La función StartServiceCtrlDispatcher en el servicio cvpnd (cvpnd.exe) del cliente Cisco VPN para Windows versiones anteriores a 5.0.06.0100 no maneja ... • https://www.exploit-db.com/exploits/10190 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4415
https://notcve.org/view.php?id=CVE-2007-4415
18 Aug 2007 — Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. Cisco VPN Client sobre Windows anterior a 5.0.01.0600, y la versión 5.0.01.0600 InstallShield (IS), utiliza permisos débiles para cvpnd.exe (modificando los privilegios en Interactive Users), lo cual permite a usuarios locales ganar privilegios a través de un cvpnd.exe m... • http://secunia.com/advisories/26459 •