CVE-2015-7600

EUVD-2015-7504
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
ciscovpn_client
5.0
ciscovpn_client
5.0.01
ciscovpn_client
5.0.01.0600
ciscovpn_client
5.0.2
ciscovpn_client
5.0.02.0090
ciscovpn_client
5.0.2.0090
ciscovpn_client
5.0.03.0530
ciscovpn_client
5.0.03.0560
ciscovpn_client
5.0.04.0300
ciscovpn_client
5.0.5
ciscovpn_client
5.0.05.0290
ciscovpn_client
5.0.6
ciscovpn_client
5.0.06.0160
ciscovpn_client
5.0.7
ciscovpn_client
5.0.7.0240
ciscovpn_client
5.0.7.0290
ciscovpn_client
5.0.07.0290
ciscovpn_client
5.0.07.0410
ciscovpn_client
5.0.07.0440
ciscovpn_client
5.0.7.0440
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1033750
https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/
http://www.securitytracker.com/id/1033750
https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/