VDB
CVE-2007-4415
CVE-2007-4415
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.
EPSS 0.05% · 15.6th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.05%
15.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | vpn_client | 5.0.01.0600, 0 |
| n/a | n/a | n/a |
Exploit Intelligence
- 20070816 Local privilege escalation vulnerability in Cisco VPN client (circl)
- 20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client (circl)
- ADV-2007-2903 (circl)
- 3023 (circl)
- 26459 (circl)
- 25332 (circl)
- 1018573 (circl)
- cisco-vpn-cvpnd-privilege-escalation(36032) (circl)
Timeline
- Aug 15, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 20070816 Local privilege escalation vulnerability in Cisco VPN client mailing-list
- 20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client vendor-advisory
- ADV-2007-2903 vdb
- 3023 third-party-advisory
- 26459 third-party-advisory
- 25332 vdb
- 1018573 vdb
- cisco-vpn-cvpnd-privilege-escalation(36032) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2007-4415 advisory