Vulnerability Description
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Vpn Client | 2.0 |
References
- http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txtExploit
- http://secunia.com/advisories/37419Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=19445Vendor Advisory
- http://www.securityfocus.com/bid/37077Exploit
- http://www.vupen.com/english/advisories/2009/3296Vendor Advisory
- http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txtExploit
- http://secunia.com/advisories/37419Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=19445Vendor Advisory
- http://www.securityfocus.com/bid/37077Exploit
- http://www.vupen.com/english/advisories/2009/3296Vendor Advisory
FAQ
What is CVE-2009-4118?
CVE-2009-4118 is a vulnerability with a CVSS score of 2.1 (LOW). The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, w...
How severe is CVE-2009-4118?
CVE-2009-4118 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4118?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vpn Client.