Details of VAR-200708-0372

ID

VAR-200708-0372

CVE

CVE-2007-4414

TITLE

Windows upper Cisco VPN Client Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2007-002519

DESCRIPTION

Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box. Cisco VPN Client for Windows is prone to multiple local privilege-escalation vulnerabilities. Successfully exploiting these issues allows attackers with local, interactive access to affected computers to gain SYSTEM-level privileges. This facilitates the complete compromise of affected computers. Versions prior to 4.8.02.0010 and 5.0.01.0600 of Cisco VPN Client for the Microsoft Windows platform are vulnerable to these issues. These issues are tracked as Cisco Bug IDs CSCse89550 and CSCsj00785. "The Cisco VPN Client allows users to create IPSec VPN tunnels to Cisco VPN enabled devices. 1. Note that configuring these two settings does not require the user to have administrative privileges. 2. Unprivileged users can obtain privilege escalation through the use of any executable program Replacing the Cisco VPN Service executable causes arbitrary programs to run with the privileges of the LocalSystem account. The cause of this vulnerability is that the default file permissions assigned to cvpnd.exe (the Cisco VPN Service executable) during installation allow unprivileged interactive users Replace cvpnd.exe with any file.Since the Cisco VPN Service is a Windows service that runs with LocalSystem privileges, unprivileged users can easily elevate privileges

Trust: 2.07

sources: NVD: CVE-2007-4414 // JVNDB: JVNDB-2007-002519 // BID: 25332 // VULHUB: VHN-27776 // VULMON: CVE-2007-4414

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	lte	version:	4.8.1	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	lt	version:	windows edition 4.8.02.0010	Trust: 0.8
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.6	Trust: 0.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	4.8.1	Trust: 0.6
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.8.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.8.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.8	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.7.0533	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows a	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for windows b	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.7	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.6	Trust: 0.3
vendor:	cisco	model:	vpn client	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	5.0.1.0600	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	4.8.2.0010	Trust: 0.3

sources: BID: 25332 // JVNDB: JVNDB-2007-002519 // CNNVD: CNNVD-200708-313 // NVD: CVE-2007-4414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4414
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-4414
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200708-313
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-27776
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2007-4414
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-4414
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-27776
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27776 // VULMON: CVE-2007-4414 // JVNDB: JVNDB-2007-002519 // CNNVD: CNNVD-200708-313 // NVD: CVE-2007-4414

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4414

THREAT TYPE

local

Trust: 0.9

sources: BID: 25332 // CNNVD: CNNVD-200708-313

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200708-313

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002519

PATCH

title:

cisco-sa-20070815-vpnclient

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070815-vpnclient

Trust: 0.8

sources: JVNDB: JVNDB-2007-002519

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4414	Trust: 2.9
db:	BID	id:	25332	Trust: 2.1
db:	SECUNIA	id:	26459	Trust: 1.8
db:	SECTRACK	id:	1018573	Trust: 1.8
db:	VUPEN	id:	ADV-2007-2903	Trust: 1.8
db:	JVNDB	id:	JVNDB-2007-002519	Trust: 0.8
db:	XF	id:	36029	Trust: 0.6
db:	CISCO	id:	20070815 LOCAL PRIVILEGE ESCALATION VULNERABILITIES IN CISCO VPN CLIENT	Trust: 0.6
db:	CNNVD	id:	CNNVD-200708-313	Trust: 0.6
db:	VULHUB	id:	VHN-27776	Trust: 0.1
db:	VULMON	id:	CVE-2007-4414	Trust: 0.1

sources: VULHUB: VHN-27776 // VULMON: CVE-2007-4414 // BID: 25332 // JVNDB: JVNDB-2007-002519 // CNNVD: CNNVD-200708-313 // NVD: CVE-2007-4414

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/25332	Trust: 1.9
url:	http://securitytracker.com/id?1018573	Trust: 1.8
url:	http://secunia.com/advisories/26459	Trust: 1.8
url:	http://www.vupen.com/english/advisories/2007/2903	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/36029	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4414	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4414	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/2903	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/36029	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/secursw/ps2308/index.html	Trust: 0.3
url:	/archive/1/476651	Trust: 0.3
url:	/archive/1/476812	Trust: 0.3
url:	/archive/1/517180	Trust: 0.3
url:	/archive/1/518638	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-27776 // VULMON: CVE-2007-4414 // BID: 25332 // JVNDB: JVNDB-2007-002519 // CNNVD: CNNVD-200708-313 // NVD: CVE-2007-4414

CREDITS

Dominic Beecher※ dominic@ngssoftware.com

Trust: 0.6

sources: CNNVD: CNNVD-200708-313

SOURCES

db:	VULHUB	id:	VHN-27776
db:	VULMON	id:	CVE-2007-4414
db:	BID	id:	25332
db:	JVNDB	id:	JVNDB-2007-002519
db:	CNNVD	id:	CNNVD-200708-313
db:	NVD	id:	CVE-2007-4414

LAST UPDATE DATE

2024-11-23T22:36:08.343000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27776	date:	2017-07-29T00:00:00
db:	VULMON	id:	CVE-2007-4414	date:	2017-07-29T00:00:00
db:	BID	id:	25332	date:	2016-07-05T22:00:00
db:	JVNDB	id:	JVNDB-2007-002519	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200708-313	date:	2007-08-28T00:00:00
db:	NVD	id:	CVE-2007-4414	date:	2024-11-21T00:35:32.280

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27776	date:	2007-08-18T00:00:00
db:	VULMON	id:	CVE-2007-4414	date:	2007-08-18T00:00:00
db:	BID	id:	25332	date:	2007-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2007-002519	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200708-313	date:	2007-08-18T00:00:00
db:	NVD	id:	CVE-2007-4414	date:	2007-08-18T21:17:00