| Vulnerability Name: | CCN-12433 | ||||||
| Published: | 2003-05-22 | ||||||
| Updated: | 2003-05-22 | ||||||
| Summary: | Cisco Virtual Private Network (VPN) Client software could allow a local attacker to gain administrative privileges on the system. If the Cisco VPN Client software is set to start prior to login, it will run with local system privileges. A local attacker with a valid user account can configure a third party software, such as explorer.exe, to be started by the VPN client, which would execute the third party software with local system privileges, allowing the attacker to gain administrative privileges on the system. | ||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||
| CVSS v2 Severity: | 7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||
| Vulnerability Consequences: | Gain Privileges | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu May 22 2003 - 13:54:54 CDT Cisco VPN Client can be used to gain local administrator rights (All Versions, patched or otherwise) Source: CCN Type: BugTraq Mailing List, Thu May 22 2003 - 21:30:37 CDT Re: Cisco VPN Client can be used to gain local administrator rights (All Versions, patched or otherwise) Source: CCN Type: SECTRACK ID: 1006819 Cisco VPN Client Lets Local Users Gain Administrator Privileges on the Operating System Source: CCN Type: BID-7599 Cisco VPN Client Privilege Escalation Vulnerability Source: CCN Type: BID-7665 Cisco VPN Client Privilege Escalation Variant Vulnerability Source: XF Type: UNKNOWN cisco-vpn-gain-privileges(12433) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||