CVE-2009-4118

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-4118
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt Exploit
http://secunia.com/advisories/37419 Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=19445 Vendor Advisory
http://www.securityfocus.com/bid/37077 Exploit
http://www.vupen.com/english/advisories/2009/3296 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:3.6.5:base:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:4.7.00.0000:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:4.8.00.0000:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:4.8.00.0440:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:4.8.01:base:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:4.8.02.0010:base:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:4.9:base:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:5.0.00.340:base:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:5.0.01:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:5.0.01.0600:base:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:5.0.02.0090:base:windows:*:*:*:*:*
cpe:2.3:a:cisco:vpn_client:0490:base:windows:*:*:*:*:*
History

No history.

Information

Published : 2009-12-01 00:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-4118

Mitre link : CVE-2009-4118

CVE.ORG link : CVE-2009-4118

JSON object : View

Products Affected

cisco

  • vpn_client
CWE
NVD-CWE-Other