CVE-2015-7600

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
ciscovpn_client
5.0
ciscovpn_client
5.0.01
ciscovpn_client
5.0.01.0600
ciscovpn_client
5.0.2
ciscovpn_client
5.0.02.0090
ciscovpn_client
5.0.2.0090
ciscovpn_client
5.0.03.0530
ciscovpn_client
5.0.03.0560
ciscovpn_client
5.0.04.0300
ciscovpn_client
5.0.5
ciscovpn_client
5.0.05.0290
ciscovpn_client
5.0.6
ciscovpn_client
5.0.06.0160
ciscovpn_client
5.0.7
ciscovpn_client
5.0.7.0240
ciscovpn_client
5.0.7.0290
ciscovpn_client
5.0.07.0290
ciscovpn_client
5.0.07.0410
ciscovpn_client
5.0.07.0440
ciscovpn_client
5.0.7.0440
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1033750
https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/
http://www.securitytracker.com/id/1033750
https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/