Info

Disclosure

May 24, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Cisco VPN Client for Windows contains an unspecified flaw related to the VPN Dialer that may allow a user to gain access to unauthorized privileges via privilege escalation. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.8.01.0300 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	VPN Client for Windows	2.x
		3.x
		4.0.x
		4.6.x
		4.7.x
		4.8.00.x

References

Security Tracker: 1016156
Bugtraq ID: 18094
CVE ID: 2006-2679 (see also: NVD)
Secunia Advisory ID: 20261
SCIP VulDB ID: 2263
ISS X-Force ID: 26632
VUPEN Advisory: ADV-2006-1964
Keyword: CSCsd79265
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0615.html
Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20060524-vpnclient.shtml

Credit

Andrew Christensen - FortConsult
Johan Ronkainen -

Direct URL: http://osvdb.org/25888

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

VPN Client for Windows

References

Credit