Deja-Vu: Cisco VPN Windows Client Privilege Escalation
Cisco released earlier today a bulletin regarding a vulnerability in the Cisco VPN client for Windows 7. The vulnerability is pretty simple: The client runs as a service, and all users logged in interactively have full access to the executable. A user could now replace the executable, restart the system and have the replacement running under the LocalSystem account.
The fix is pretty simple: Revoke the access rights for interactive users.
The interesting part : NGS Secure Research found the vulnerability, and released the details after Cisco released the patch [1]. The vulnerability is almost identical to one found in 2007 by the same company in the same product [2]
Very sad at times how some vendors don't learn. Lucky that at least companies like NGS appear to be doing some of the QA for them.
[1] http://www.securityfocus.com/archive/1/518638
[2] http://www.securityfocus.com/archive/1/476812
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
Jim
Jun 28th 2011
1 decade ago
dsh
Jun 29th 2011
1 decade ago