CVE-2019-6145
https://notcve.org/view.php?id=CVE-2019-6145
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. Forcepoint VPN Client para Windows versiones anteriores a 6.6.1, presenta una vulnerabilidad de ruta de búsqueda sin comillas. • https://help.forcepoint.com/security/CVE/CVE-2019-6145.html https://safebreach.com/Post/Forcepoint-VPN-Client-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-6145 • CWE-428: Unquoted Search Path or Element •
CVE-2015-7600
https://notcve.org/view.php?id=CVE-2015-7600
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. Cisco VPN Client 5.x hasta la versión 5.0.07.0440 utiliza permisos débiles para vpnclient.ini, lo que permite a usuarios locales obtener privilegios mediante la entrada de un nombre de programa arbitrario en el campo Command de la sección ApplicationLauncher. • http://www.securitytracker.com/id/1033750 https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3052
https://notcve.org/view.php?id=CVE-2012-3052
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. Vulnerabilidad de path de búsqueda no confiable en Cisco VPN Client v5.0 permite a usuarios locales obtener privilegios a través de un fichero .dll troyanizado en el directorio de trabajo actual también conocido como Bug ID CSCua28747. • http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html •
CVE-2009-4118 – Cisco VPN Client - Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2009-4118
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. La función StartServiceCtrlDispatcher en el servicio cvpnd (cvpnd.exe) del cliente Cisco VPN para Windows versiones anteriores a 5.0.06.0100 no maneja correctamente un error ERROR_FAILED_SERVICE_CONTROLLER_CONNECT, permitiendo que usuarios locales provoquen una denegación de servicio (parada del servicio y perdida de conexión VPN) mediante un inicio manual de cvpnd.exe mientras se está ejecutando el servicio cvpnd. • https://www.exploit-db.com/exploits/10190 https://github.com/alt3kx/CVE-2009-4118 http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt http://secunia.com/advisories/37419 http://tools.cisco.com/security/center/viewAlert.x?alertId=19445 http://www.securityfocus.com/bid/37077 http://www.vupen.com/english/advisories/2009/3296 •