HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2007-45
Local Privilege Escalation Vulnerabilities in Cisco VPN Client.

Original issue date: August 24, 2007

Severity Rating: High

Systems Affected

  • Cisco VPN Client – versions prior to 4.8.02.0010
  • Cisco VPN client – versions prior to 5.0.01.0600

Overview

Multiple vulnerabilities exist in the Cisco VPN Client for Microsoft Windows that may allow unprivileged users to get elevated privileges and gain full control of the system.

Description

The following vulnerabilities found in Cisco VPN Client for Microsoft Windows that may allow unprivileged users to get elevated privileges and gain full control of the system:

1. Local Privilege Escalation Through Microsoft Windows Dial-Up Networking Interface

By enabling the Start Before Logon (SBL) feature and configuring a VPN profile to use the Microsoft Dial-Up Networking interface concurrently, the Cisco VPN Client Graphical User Interface (GUI) will be available in the Windows logon screen and user can get administrative privileges.

2. Local Privilege Escalation Through Default cvpnd.exe File Permissions

By replacing the Cisco VPN Service executable with arbitrary executables, the default file permissions assigned during installation to cvpnd.exe (the executable for the Cisco VPN Service) allow normal, interactive users to replace cvpnd.exe with any file.

Workarounds

  • Local Privilege Escalation Through Microsoft Windows Dial-Up Networking Interface
    There are no workarounds for this vulnerability.
  • Local Privilege Escalation Through Default cvpnd.exe File Permissions
    An effective workaround for this vulnerability is to revoke access rights for NT AUTHORITY\INTERACTIVE from cvpnd.exe.

Vendor Information
Cisco
 http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml

References

Security Focus
http://www.securityfocus.com/bid/25332

FrSirt
http://www.frsirt.com/english/advisories/2007/2903

Secunia
http://secunia.com/advisories/20261/

 CVE-Name
CVE-2006-2679

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003