CVE Vulnerabilities

CVE-2009-4118

Published: Dec 01, 2009 | Modified: Oct 25, 2012
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

Affected Software

Name Vendor Start Version End Version
Vpn_client Cisco 5.0.02.0090 5.0.02.0090
Vpn_client Cisco 4.8.02.0010 4.8.02.0010
Vpn_client Cisco 3.5.1c 3.5.1c
Vpn_client Cisco 4.7.00.0000 4.7.00.0000
Vpn_client Cisco 3.1 3.1
Vpn_client Cisco 5.0.01.0600 5.0.01.0600
Vpn_client Cisco 5.0.01 5.0.01
Vpn_client Cisco 3.0 3.0
Vpn_client Cisco 4.8.1 4.8.1
Vpn_client Cisco 4.9 4.9
Vpn_client Cisco 3.5.1 3.5.1
Vpn_client Cisco 0490 0490
Vpn_client Cisco 4.8.00.0440 4.8.00.0440
Vpn_client Cisco 3.5.2 3.5.2
Vpn_client Cisco 2.0 2.0
Vpn_client Cisco 3.0.5 3.0.5
Vpn_client Cisco 4.8.01 4.8.01
Vpn_client Cisco 4.8.00.0000 4.8.00.0000
Vpn_client Cisco 5.0.00.340 5.0.00.340
Vpn_client Cisco 3.6.5 3.6.5
Vpn_client Cisco 5.0.2.0090 5.0.2.0090

References