PT-2009-6297 · Cisco · Cisco Vpn Client

Published

2009-12-01

Updated

2012-10-25

CVE-2009-4118

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Cisco VPN client for Windows versions prior to 5.0.06.0100

Description The issue is related to the StartServiceCtrlDispatcher function in the cvpnd service, which does not properly handle an ERROR FAILED SERVICE CONTROLLER CONNECT error. This allows local users to cause a denial of service, resulting in a service crash and VPN connection loss, by manually starting cvpnd.exe while the cvpnd service is running.

Recommendations For versions prior to 5.0.06.0100, update to version 5.0.06.0100 or later to resolve the issue. As a temporary workaround, consider avoiding manual starts of cvpnd.exe while the cvpnd service is running to minimize the risk of service crash and VPN connection loss.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2009-4118

Affected Products

Cisco Vpn Client

PT-2009-6297 · Cisco · Cisco Vpn Client

CVE-2009-4118

Related Identifiers

Affected Products

References · 7