Vulnerability Description
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn Client | 5.0 |
Related Weaknesses (CWE)
References
- http://www.securitytracker.com/id/1033750Third Party AdvisoryVDB Entry
- https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systemExploit
- http://www.securitytracker.com/id/1033750Third Party AdvisoryVDB Entry
- https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systemExploit
FAQ
What is CVE-2015-7600?
CVE-2015-7600 is a vulnerability with a CVSS score of 7.2 (HIGH). Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the Applicat...
How severe is CVE-2015-7600?
CVE-2015-7600 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7600?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn Client.