Details of VAR-200605-0454

ID

VAR-200605-0454

CVE

CVE-2006-2679

TITLE

Cisco VPN Client Local Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 18094 // CNNVD: CNNVD-200605-568

DESCRIPTION

Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. Cisco VPN Client is susceptible to a local privilege-escalation vulnerability. This issue is due to an unspecified flaw in the VPN client GUI application. This issue allows local attackers to gain Local System privileges on affected computers. This facilitates the complete compromise of affected computers. This vulnerability affects Cisco VPN Clients on Microsoft Windows. Versions prior to 4.8.01.x, with the exception of version 4.7.00.0533, are affected. There is a loophole in the implementation of the Cisco VPN client, and local attackers may use this loophole to elevate their own access rights. A user must be able to authenticate and start an interactive Windows session to exploit this vulnerability. Successful exploitation of this vulnerability could allow a normal user or an attacker to take complete control of the system, circumventing any controls placed by the Windows system administrator. The vulnerability has been reported in versions 2.x, 3.x, 4.0.x, 4.6.x, 4.7.x (except version 4.7.00.0533), and 4.8.00.x for Windows. SOLUTION: Update to version 4.8.01.0300. http://www.cisco.com/pcgi-bin/tablebuild.pl/windows PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Andrew Christensen, FortConsult. * Johan Ronkainen ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060524-vpnclient.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2006-2679 // BID: 18094 // VULHUB: VHN-18787 // PACKETSTORM: 46650

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	eq	version:	3.1	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	4.7.00.0000	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	4.8.00.0000	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.2	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	2.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.5.1c	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	3.0.5	Trust: 1.6
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.6	Trust: 0.6
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.8	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows a	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.6.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	cisco	model:	vpn client for windows b	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	cisco	model:	vpn client for windows c	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.7	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	4.6	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	4.8.1	Trust: 0.3
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	4.7.0533	Trust: 0.3

sources: BID: 18094 // CNNVD: CNNVD-200605-568 // NVD: CVE-2006-2679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2679
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200605-568
value:	HIGH
Trust: 0.6
VULHUB:	VHN-18787
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-2679
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-18787
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-18787 // CNNVD: CNNVD-200605-568 // NVD: CVE-2006-2679

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2006-2679

THREAT TYPE

local

Trust: 1.0

sources: BID: 18094 // PACKETSTORM: 46650 // CNNVD: CNNVD-200605-568

TYPE

Design Error

Trust: 0.9

sources: BID: 18094 // CNNVD: CNNVD-200605-568

EXTERNAL IDS

db:	BID	id:	18094	Trust: 2.0
db:	SECUNIA	id:	20261	Trust: 1.8
db:	VUPEN	id:	ADV-2006-1964	Trust: 1.7
db:	SECTRACK	id:	1016156	Trust: 1.7
db:	NVD	id:	CVE-2006-2679	Trust: 1.7
db:	OSVDB	id:	25888	Trust: 1.7
db:	CNNVD	id:	CNNVD-200605-568	Trust: 0.7
db:	CISCO	id:	20060524 WINDOWS VPN CLIENT LOCAL PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	XF	id:	26632	Trust: 0.6
db:	VULHUB	id:	VHN-18787	Trust: 0.1
db:	PACKETSTORM	id:	46650	Trust: 0.1

sources: VULHUB: VHN-18787 // BID: 18094 // PACKETSTORM: 46650 // CNNVD: CNNVD-200605-568 // NVD: CVE-2006-2679

REFERENCES

url:	http://www.cisco.com/en/us/products/products_security_advisory09186a008069a323.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/18094	Trust: 1.7
url:	http://www.osvdb.org/25888	Trust: 1.7
url:	http://securitytracker.com/id?1016156	Trust: 1.7
url:	http://secunia.com/advisories/20261	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1964	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26632	Trust: 1.1
url:	http://www.frsirt.com/english/advisories/2006/1964	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/26632	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/secursw/ps2308/index.html	Trust: 0.3
url:	/archive/1/434934	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20060524-vpnclient.shtml	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/1574/	Trust: 0.1
url:	http://secunia.com/advisories/20261/	Trust: 0.1
url:	http://secunia.com/product/123/	Trust: 0.1
url:	http://secunia.com/product/124/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://www.cisco.com/pcgi-bin/tablebuild.pl/windows	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-18787 // BID: 18094 // PACKETSTORM: 46650 // CNNVD: CNNVD-200605-568 // NVD: CVE-2006-2679

CREDITS

Andrew Christensen Johan Ronkainen

Trust: 0.6

sources: CNNVD: CNNVD-200605-568

SOURCES

db:	VULHUB	id:	VHN-18787
db:	BID	id:	18094
db:	PACKETSTORM	id:	46650
db:	CNNVD	id:	CNNVD-200605-568
db:	NVD	id:	CVE-2006-2679

LAST UPDATE DATE

2025-04-03T22:39:46.860000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-18787	date:	2017-07-20T00:00:00
db:	BID	id:	18094	date:	2006-07-28T18:47:00
db:	CNNVD	id:	CNNVD-200605-568	date:	2006-05-31T00:00:00
db:	NVD	id:	CVE-2006-2679	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-18787	date:	2006-05-31T00:00:00
db:	BID	id:	18094	date:	2006-05-24T00:00:00
db:	PACKETSTORM	id:	46650	date:	2006-05-26T01:12:24
db:	CNNVD	id:	CNNVD-200605-568	date:	2006-05-31T00:00:00
db:	NVD	id:	CVE-2006-2679	date:	2006-05-31T10:06:00