CVE-2011-2678

medium Cisco
CVSS v3 Base Score
6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS Score
0.1%
Exploitation probability in 30 days
Top 80% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: July 7, 2011 (5424 days ago)
Last Modified: April 29, 2026
Vendor: Cisco
Source: NVD

Description

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.

CWE

NVD-CWE-Other

Affected Products

cisco vpn client

References

🔗 isc.sans.edu 🔗 securityreason.com 🔗 www.cisco.com 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com