The root access vulnerability affects versions of the VPN 5000 Client for Linux and Solaris, while the password vulnerability affects the VPN 5000 Client for Macintosh.
Cisco released a security advisory covering the vulnerabilities last week and provided links to the related Cisco bug identifiers and software updates on its Web site.
The vulnerability affecting VPN 5000 clients for the Linux and Solaris could enable an attacker who was logged on to the remote workstation to assign root privileges to their own login account, giving that user total administrative control of the workstation and open access to data stored on that machine.
The condition can be exploited without special knowledge of VPN technology according to Niels Heinen, a security assurance engineer at Ubizen, who reported the issue to Cisco in early July.
"Its an easy exploit - the kind you see in buffer overflow tutorials. It doesn't require a tremendous amount of technical knowledge to use it," Heinen said.
The buffer overflow vulnerability would require local access to the machine running the VPN Client, and would only compromise the security of the local workstation, not the security of the remote networks connected to by the VPN Client, Heinen said.
The vulnerabilities affect all versions of Cisco VPN Client software for Linux prior to version 5.2.7 and all versions of Cisco VPN Client software for Solaris prior to version 5.2.8.
This was the second security advisory affecting Cisco's VPN technology to be released in the past month. On 6 September, Cisco issued a pair of security advisories concerning vulnerabilities it had discovered in its VPN 3000 Client and its line of VPN 3000 concentrators.
Software patches for those vulnerabilities, as well as the two discovered this week, are posted on Cisco's Web site. Cisco is encouraging its customers using the VPN 5000 Client on affected operating systems to upgrade to the latest version of its client software.