Skip to content

ISC Diary | Deja-Vu: Cisco VPN Windows Client Privilege Escalation

giugno 28, 2011
–>

Deja-Vu: Cisco VPN Windows Client Privilege Escalation

–>

Share |

Published: 2011-06-28,
Last Updated: 2011-06-28 20:14:39 UTC
by Johannes Ullrich (Version: 1)

1 comment(s)

Cisco released earlier today a bulletin regarding a vulnerability in the Cisco VPN client for Windows 7. The vulnerability is pretty simple: The client runs as a service, and all users logged in interactively have full access to the executable. A user could now replace the executable, restart the system and have the replacement running under the LocalSystem account.

The fix is pretty simple: Revoke the access rights for interactive users.

The interesting part : NGS Secure Research found the vulnerability, and released the details after Cisco released the patch [1]. The vulnerability is almost identical to one found in 2007 by the same company in the same product [2]

Very sad at times how some vendors don’t learn. Lucky that at least companies like NGS appear to be doing some of the QA for them.

[1] http://www.securityfocus.com/archive/1/518638
[2] http://www.securityfocus.com/archive/1/476812

——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: cisco vpn

1 comment(s)

Annunci

From → Uncategorized

I commenti sono chiusi.

%d blogger hanno fatto clic su Mi Piace per questo: