← Back

CVE-2011-2678

nvd nist
Published: Jul 7, 2011Modified: Apr 29, 2026

JSON object

Loading...
6.8
Vector
AV:L/AC:L/Au:S/C:C/I:C/A:C
Exploitability: 3.1 / Impact: 10.0
Source: NVD

Description

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.

Affected (2)

Products: Cisco: Vpn Client
Cisco
1 product
Vpn Client
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Vpn Client
Version 5.0.7.0240
Vpn Client
Version 5.0.7.0290
Running on/withPlatform Versions
Microsoft
Windows
All versions

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.