CVE-2007-4415
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
Cisco VPN Client sobre Windows anterior a 5.0.01.0600, y la versión 5.0.01.0600 InstallShield (IS), utiliza permisos débiles para cvpnd.exe (modificando los privilegios en Interactive Users), lo cual permite a usuarios locales ganar privilegios a través de un cvpnd.exe modificado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-08-18 CVE Reserved
- 2007-08-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3023 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/476812/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2007/2903 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36032 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26459 | 2018-10-15 | |
| http://securitytracker.com/id?1018573 | 2018-10-15 | |
| http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml | 2018-10-15 | |
| http://www.securityfocus.com/bid/25332 | 2018-10-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Vpn Client Search vendor "Cisco" for product "Vpn Client" | <= 5.0.01 Search vendor "Cisco" for product "Vpn Client" and version " <= 5.0.01" | windows |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Vpn Client Search vendor "Cisco" for product "Vpn Client" | 5.0.01.0600 Search vendor "Cisco" for product "Vpn Client" and version "5.0.01.0600" | - |
Affected
| ||||||