Summary
The remote windows host contains an application that is affected by a privilege escalation vulnerability.
Description :
The installed Cisco VPN Client version is prone to a privilege escalation attack. By using the 'Start before logon' feature in the VPN client dialer, a local attacker may gain privileges and execute arbitrary commands with SYSTEM privileges.
Solution
Upgrade to version 4.8.01.0300 or a later.
Severity
Classification
-
CVE CVE-2006-2679 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft RPC Interface Buffer Overrun (KB824146)
- Microsoft ASP.NET Insecure Site Configuration Vulnerability (2905247)
- Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
- Microsoft Word Could Allow Remote Code Execution Vulnerability
- Microsoft Windows XP SP3 denial of service vulnerability