CVE-2009-4118

Name of the Vulnerable Software and Affected Versions Cisco VPN client for Windows versions prior to 5.0.06.0100

Description The issue is related to the StartServiceCtrlDispatcher function in the cvpnd service, which does not properly handle an ERROR FAILED SERVICE CONTROLLER CONNECT error. This allows local users to cause a denial of service, resulting in a service crash and VPN connection loss, by manually starting cvpnd.exe while the cvpnd service is running.

Recommendations For versions prior to 5.0.06.0100, update to version 5.0.06.0100 or later to resolve the issue. As a temporary workaround, consider avoiding manual starts of cvpnd.exe while the cvpnd service is running to minimize the risk of service crash and VPN connection loss.