CVE-2011-2678 - Vulnerability Details - OpenCVE

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Vpn Client
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:vpn_client:5.0.7.0240:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.7.0290:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://isc.sans.edu/diary.html?storyid=11125
http://securityreason.com/securityalert/8297
http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml
http://www.securityfocus.com/archive/1/518638/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/68485

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-07-07T19:00:00

Updated: 2024-08-06T23:08:23.711Z

Reserved: 2011-07-07T00:00:00

Link: CVE-2011-2678

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-07-07T19:55:03.210

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-2678

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.edu/diary.html?storyid=11125"}, {"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"}, {"name": "8297", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8297"}, {"name": "cisco-vpn-cvpnd-priv-esc(68485)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2678", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"}, {"name": "http://isc.sans.edu/diary.html?storyid=11125", "refsource": "MISC", "url": "http://isc.sans.edu/diary.html?storyid=11125"}, {"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"}, {"name": "8297", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8297"}, {"name": "cisco-vpn-cvpnd-priv-esc(68485)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:08:23.711Z"}, "title": "CVE Program Container", "references": [{"name": "20110628 NGS00051 Technical Advisory: Cisco VPN Client Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://isc.sans.edu/diary.html?storyid=11125"}, {"name": "20070815 Local Privilege Escalation Vulnerabilities in Cisco VPN Client", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"}, {"name": "8297", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8297"}, {"name": "cisco-vpn-cvpnd-priv-esc(68485)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2678", "datePublished": "2011-07-07T19:00:00", "dateReserved": "2011-07-07T00:00:00", "dateUpdated": "2024-08-06T23:08:23.711Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0240:*:*:*:*:*:*:*", "matchCriteriaId": "15B23F91-9BA0-4C07-ACAC-315C846F2754", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:vpn_client:5.0.7.0290:*:*:*:*:*:*:*", "matchCriteriaId": "B348A7D4-6753-4464-B1B8-1B94E09F65B7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression."}, {"lang": "es", "value": "El cliente VPN de Cisco v5.0.7.0240 y v5.0.7.0290 en plataformas de 64 bits de Windows utiliza permisos d\u00e9biles (NT AUTHORITY\\ INTERACTIVE:F) para cvpnd.exe, lo que permite a usuarios locales obtener privilegios mediante la sustituci\u00f3n de este archivo ejecutable por un programa de su elecci\u00f3n. Problema tambien conocido como, Bug ID CSCtn50645. NOTA: esta vulnerabilidad existe debido a una regresi\u00f3n de CVE-2007-4415."}], "id": "CVE-2011-2678", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-07-07T19:55:03.210", "references": [{"source": "cve@mitre.org", "url": "http://isc.sans.edu/diary.html?storyid=11125"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8297"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.edu/diary.html?storyid=11125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/518638/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68485"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}