Cisco VPN Client Local Privilege Escalation Vulnerability
BID:18094
CVE-2006-2679
| Bugtraq ID: | 18094 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 24 2006 12:00AM |
| Updated: | Jul 28 2006 06:47PM |
| Credit: | This vulnerability was independently reported to Cisco by Andrew Christensen from FortConsult and by Johan Ronkainen. |
| Vulnerable: |
- Cisco VPN Client for Windows 4.8
- Cisco VPN Client for Windows 4.0.2 C
- Cisco VPN Client for Windows 4.0.2 A
- Cisco VPN Client for Windows 3.6.1
- Cisco VPN Client for Windows 3.6 (Rel)
- Cisco VPN Client for Windows 3.6
- Cisco VPN Client for Windows 3.5.4
- Cisco VPN Client for Windows 3.5.2 B
- Cisco VPN Client for Windows 3.5.2
- Cisco VPN Client for Windows 3.5.1 C
- Cisco VPN Client for Windows 3.5.1
- Cisco VPN Client for Windows 3.1
- Cisco VPN Client for Windows 3.0.5
- Cisco VPN Client for Windows 3.0
- Cisco VPN Client for Windows 2.0
- Cisco VPN Client for Windows 4.7
- Cisco VPN Client for Windows 4.6
| Not Vulnerable: |
- Cisco VPN Client for Windows 4.8.1
- Cisco VPN Client for Windows 4.7 .0533
Discussion
Cisco VPN Client is susceptible to a local privilege-escalation vulnerability. This issue is due to an unspecified flaw in the VPN client GUI application.
This issue allows local attackers to gain Local System privileges on affected computers. This facilitates the complete compromise of affected computers.
This vulnerability affects Cisco VPN Clients on Microsoft Windows. Versions prior to 4.8.01.x, with the exception of version 4.7.00.0533, are affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
Cisco has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.
References
References:
- Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerabi (Cisco)
- VPN Client (Cisco Systems)
- Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerabi (Cisco Systems Product Security Incident Response Team)