CVE Vulnerabilities

CVE-2009-4118

Published: Dec 01, 2009 | Modified: Oct 25, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

Affected Software

Name Vendor Start Version End Version
Vpn_client Cisco 2.0 (including) 2.0 (including)
Vpn_client Cisco 3.0 (including) 3.0 (including)
Vpn_client Cisco 3.0.5 (including) 3.0.5 (including)
Vpn_client Cisco 3.1 (including) 3.1 (including)
Vpn_client Cisco 3.5.1 (including) 3.5.1 (including)
Vpn_client Cisco 3.5.1c (including) 3.5.1c (including)
Vpn_client Cisco 3.5.2 (including) 3.5.2 (including)
Vpn_client Cisco 3.6.5-base (including) 3.6.5-base (including)
Vpn_client Cisco 4.7.00.0000 (including) 4.7.00.0000 (including)
Vpn_client Cisco 4.8.00.0000 (including) 4.8.00.0000 (including)
Vpn_client Cisco 4.8.00.0440 (including) 4.8.00.0440 (including)
Vpn_client Cisco 4.8.1 (including) 4.8.1 (including)
Vpn_client Cisco 4.8.01-base (including) 4.8.01-base (including)
Vpn_client Cisco 4.8.02.0010-base (including) 4.8.02.0010-base (including)
Vpn_client Cisco 4.9-base (including) 4.9-base (including)
Vpn_client Cisco 5.0.00.340-base (including) 5.0.00.340-base (including)
Vpn_client Cisco 5.0.01 (including) 5.0.01 (including)
Vpn_client Cisco 5.0.01.0600-base (including) 5.0.01.0600-base (including)
Vpn_client Cisco 5.0.2.0090 (including) 5.0.2.0090 (including)
Vpn_client Cisco 5.0.02.0090-base (including) 5.0.02.0090-base (including)
Vpn_client Cisco 0490-base (including) 0490-base (including)

References