
SANS ISC: InfoSec Handlers Diary Blog



Deja-Vu: Cisco VPN Windows Client Privilege Escalation

Published: 2011-06-28
Last Updated: 2011-06-28 20:14:39 UTC
by Johannes Ullrich (Version: 1)

Earlier today, Cisco released a bulletin regarding a vulnerability in the Cisco VPN client for Windows 7. The vulnerability is pretty simple: the client runs as a service, and all users logged in interactively have full access to the executable. A user could replace the executable, restart the system, and have the replacement run under the LocalSystem account.

The fix is pretty simple: Revoke the access rights for interactive users.
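The same weakness can be checked for across every installed service, not just the VPN client. The following audit script is an added example, not part of the Cisco bulletin or the NGS advisory; it assumes PowerShell 3.0 or later and an elevated prompt, and the choice of principals and rights to flag is this example's own.

```powershell
# Added example: list Windows service executables that broad principals can modify.
# The SIDs below are well-known constants; the selection is this example's assumption.
$broadSids = @{
    'S-1-5-4'      = 'NT AUTHORITY\INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-1-0'      = 'Everyone'
}

# Rights that allow replacing the file or rewriting its ACL.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership)
# GENERIC_ALL and GENERIC_WRITE can show up unmapped in raw ACEs.
$genericMask = 0x10000000 -bor 0x40000000

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    # PathName may be quoted and may carry arguments; keep only the executable path.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
    } else { return }

    try {
        $acl = Get-Acl -LiteralPath $exe -ErrorAction Stop
    } catch { return }   # missing file or unreadable ACL: skip this service

    # Ask for SIDs instead of names so the comparison is locale-independent.
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($_.IdentityReference.Value) -and
            ([int]$_.FileSystemRights -band ($writeMask -bor $genericMask))
        } |
        ForEach-Object {
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName
                Path      = $exe
                Principal = $broadSids[$_.IdentityReference.Value]
                Rights    = $_.FileSystemRights
            }
        }
}

# One way to revoke a flagged grant (placeholder path, not from the advisory):
#   icacls "<path-to-service-exe>" /remove:g *S-1-5-4
```

Any row where `RunsAs` is `LocalSystem` and `Principal` is a non-administrative group matches the pattern described in this diary. The containing directory's ACL deserves the same check, since the script only inspects the executable itself.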

The interesting part: NGS Secure Research found the vulnerability and released the details after Cisco released the patch [1]. The vulnerability is almost identical to one found in 2007 by the same company in the same product [2].

Very sad at times how some vendors don't learn. Lucky that at least companies like NGS appear to be doing some of the QA for them.

[1] http://www.securityfocus.com/archive/1/518638
[2] http://www.securityfocus.com/archive/1/476812

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: cisco vpn