VPN Client version 5.0.0.7.0290 security flaw

mcantone29 · ‎01-14-2011

All,

I wanted to share a recent find. With Windows 7, probably other OS versions are also applicable, if a user launches a valid VPN connection it stays an open connect when opting to 'switch users.' We confirmed this while setting up a new PC and no pre-established profiles on the computer excluding the local initial PC profile. If VPN is open to a local PC profile the IP connection does not disconnect and bleeds into new connections.

M

Herbert Baerten · ‎01-24-2011

Hi,

Thank you for bringing this to our attention. For any (suspected) security vulnerability in a Cisco product, please report it to the Cisco Product Security Incident Response Team (PSIRT) at psirt@cisco.com :

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#roosfassv

regards

Herbert

wgarvin · ‎02-11-2011

This vulnerability is being tracked by CSCtn20472. The PSIRT team is tracking it with case number

PSIRT-0847721465. The developers are reviewing it and determining the fix, I will update you directly when it is resolved.

Thanks very much for letting us know. If you encounter vulnerabilities in the future, please send them directly to psirt@cisco.com. Thanks


-Wendy

VPN Client version 5.0.0.7.0290 security flaw

Cisco Secure Client 5.1.9.113 (MR9)

Cisco Secure Client 5.1.8.105 (MR8)

Cisco Secure Client 5.1.7.80 (MR7)

Cisco Secure Client 5.1.6.103 (MR6)

Cisco Secure Client 5.1.8.105 (MR8)