VULHUB ™

The Cisco VPN client could allow a local attacker to escalate their privilege level. When the VPN client is set to start prior to logon, it runs with local System privileges. A third party application can also be set to be executed by the VPN client. Any application, such as explorer.exe, which is configured to be started by the VPN client, will in turn be executed with local System privileges. A variant of this issue was reported that affects versions of the VPN client which were thought to not be vulnerable.

The Cisco VPN client could allow a local attacker to escalate their privilege level. When the VPN client is set to start prior to logon, it runs with local System privileges. A third party application can also be set to be executed by the VPN client. Any application, such as explorer.exe, which is configured to be started by the VPN client, will in turn be executed with local System privileges. A variant of this issue was reported that affects versions of the VPN client which were thought to not be vulnerable.