CVE-2015-7600

Exploit

EPSS 0.07%
Published 06.10.2015 17:59:27
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Vpn Client Version5.0

Cisco ≫ Vpn Client Version5.0.01

Cisco ≫ Vpn Client Version5.0.01.0600

Cisco ≫ Vpn Client Version5.0.2

Cisco ≫ Vpn Client Version5.0.02.0090

Cisco ≫ Vpn Client Version5.0.2.0090

Cisco ≫ Vpn Client Version5.0.03.0530

Cisco ≫ Vpn Client Version5.0.03.0560

Cisco ≫ Vpn Client Version5.0.04.0300

Cisco ≫ Vpn Client Version5.0.5

Cisco ≫ Vpn Client Version5.0.05.0290

Cisco ≫ Vpn Client Version5.0.6

Cisco ≫ Vpn Client Version5.0.06.0160

Cisco ≫ Vpn Client Version5.0.7

Cisco ≫ Vpn Client Version5.0.7.0240

Cisco ≫ Vpn Client Version5.0.7.0290

Cisco ≫ Vpn Client Version5.0.07.0290

Cisco ≫ Vpn Client Version5.0.07.0410

Cisco ≫ Vpn Client Version5.0.07.0440

Cisco ≫ Vpn Client Version5.0.7.0440

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.205

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://www.securitytracker.com/id/1033750

Third Party Advisory

VDB Entry

https://www.nettitude.co.uk/vulnerability-discovered-in-unsupported-cisco-systems-vpn-client/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2015-7600

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7600

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7600

EUVD