CVE-2007-4415

Published: Aug 18, 2007Modified: Apr 23, 2026

6.8

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 3.1 / Impact: 10.0

Source: NVD

Description

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

Affected (2)

Products: Cisco: Vpn Client

Cisco

1 product

Vpn Client

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Vpn Client	Up to 5.0.01
Cisco Vpn Client	Version 5.0.01.0600

References (16)

http://secunia.com/advisories/26459

Source: cve@mitre.org

PatchVendor Advisory

http://securityreason.com/securityalert/3023

Source: cve@mitre.org

http://securitytracker.com/id?1018573

Source: cve@mitre.org

Patch

http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/476812/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/25332

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2007/2903

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/36032

Source: cve@mitre.org

http://secunia.com/advisories/26459