CVE-2009-4118

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
ciscovpn_client
2.0
ciscovpn_client
3.0
ciscovpn_client
3.0.5
ciscovpn_client
3.1
ciscovpn_client
3.5.1
ciscovpn_client
3.5.1c:c
ciscovpn_client
3.5.2
ciscovpn_client
3.6.5:base
ciscovpn_client
4.7.00.0000
ciscovpn_client
4.8.00.0000
ciscovpn_client
4.8.00.0440
ciscovpn_client
4.8.1
ciscovpn_client
4.8.01:base
ciscovpn_client
4.8.02.0010:base
ciscovpn_client
4.9:base
ciscovpn_client
5.0.00.340:base
ciscovpn_client
5.0.01
ciscovpn_client
5.0.01.0600:base
ciscovpn_client
5.0.2.0090
ciscovpn_client
5.0.02.0090:base
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt
http://secunia.com/advisories/37419
http://tools.cisco.com/security/center/viewAlert.x?alertId=19445
http://www.securityfocus.com/bid/37077
http://www.vupen.com/english/advisories/2009/3296
http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt
http://secunia.com/advisories/37419
http://tools.cisco.com/security/center/viewAlert.x?alertId=19445
http://www.securityfocus.com/bid/37077
http://www.vupen.com/english/advisories/2009/3296