CVE-2015-7600

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id/1033750	Third Party Advisory VDB Entry
https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/	Exploit
http://www.securitytracker.com/id/1033750	Third Party Advisory VDB Entry
https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:vpn_client:5.0:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.01:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.01.0600:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.2:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.02.0090:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.2.0090:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.03.0530:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.03.0560:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.04.0300:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.5:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.05.0290:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.6:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.06.0160:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.7:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.7.0240:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.7.0290:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.07.0290:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.07.0410:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.07.0440:::::::*
	cpe:2.3:a:cisco:vpn_client:5.0.7.0440:::::::*

History

21 Nov 2024, 02:37

Type	Values Removed	Values Added
References	~~() http://www.securitytracker.com/id/1033750 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1033750 - Third Party Advisory, VDB Entry
References	~~() https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/ - Exploit~~	() https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/ - Exploit

Information

Published : 2015-10-06 17:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-7600

Mitre link : CVE-2015-7600

CVE.ORG link : CVE-2015-7600

JSON object : View

Products Affected

cisco

vpn_client

CWE

CWE-264

Permissions, Privileges, and Access Controls

7.2 /10