cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
2594
Views
0
Helpful
2
Replies

VPN Client version 5.0.0.7.0290 security flaw

mcantone29
Level 1
Level 1

All,

I wanted to share a recent find.  With Windows 7, probably other OS versions are also applicable, if a user launches a valid VPN connection it stays an open connect when opting to 'switch users.'  We confirmed this while setting up a new PC and no pre-established profiles on the computer excluding the local initial PC profile.  If VPN is open to a local PC profile the IP connection does not disconnect and bleeds into new connections.

M

2 Replies 2

Herbert Baerten
Cisco Employee
Cisco Employee

Hi,

Thank you for bringing this to our attention. For any (suspected) security vulnerability in a Cisco product, please report it to the Cisco Product Security Incident Response Team (PSIRT) at psirt@cisco.com :

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#roosfassv

regards

Herbert

This vulnerability is being tracked by CSCtn20472. The PSIRT team is tracking it with case number

PSIRT-0847721465. The developers are reviewing it and determining the fix, I will update you directly when it is resolved.

Thanks very much for letting us know. If you encounter vulnerabilities in the future, please send them directly to psirt@cisco.com. Thanks


-Wendy