Privilege Escalation via Nortel Contivity VPN Client V05_01.030 Certificate Configuration Vulnerability

CVE-2005-2579 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box.

Learn more about our User Device Pen Test.