Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability

["Fergie" <fergdawg () netzero net>]

Via Cisco.

[snip]

Summary
The Cisco VPN Client for Windows is affected by a local privilege escalation vulnerability that allows non-privileged 
users to gain administrative privileges.

A user needs to authenticate and start an interactive Windows session to be able to exploit this vulnerability.

Affected/Vulnerable Products
The following versions of the Cisco VPN Client for Windows (excluding Windows 9x users) are affected:

2.x
3.x
4.0.x
4.6.x
4.7.x with the exception of version 4.7.00.0533
4.8.00.x

This vulnerability is fixed in version 4.8.01.0300 of the Cisco VPN Client for Windows, which can be downloaded from 
the following location:

http://www.cisco.com/pcgi-bin/tablebuild.pl/windows (registered customers only)

[snip]

Link:
http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.