// For flags

CVE-2009-4118

Cisco VPN Client - Integer Overflow Denial of Service

Severity Score

2.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

La función StartServiceCtrlDispatcher en el servicio cvpnd (cvpnd.exe) del cliente Cisco VPN para Windows versiones anteriores a 5.0.06.0100 no maneja correctamente un error ERROR_FAILED_SERVICE_CONTROLLER_CONNECT, permitiendo que usuarios locales provoquen una denegación de servicio (parada del servicio y perdida de conexión VPN) mediante un inicio manual de cvpnd.exe mientras se está ejecutando el servicio cvpnd.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-11-21 First Exploit
  • 2009-11-30 CVE Reserved
  • 2009-12-01 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-11-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
2.0
Search vendor "Cisco" for product "Vpn Client" and version "2.0"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
3.0
Search vendor "Cisco" for product "Vpn Client" and version "3.0"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
3.0.5
Search vendor "Cisco" for product "Vpn Client" and version "3.0.5"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
3.1
Search vendor "Cisco" for product "Vpn Client" and version "3.1"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
3.5.1
Search vendor "Cisco" for product "Vpn Client" and version "3.5.1"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
3.5.1c
Search vendor "Cisco" for product "Vpn Client" and version "3.5.1c"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
3.5.2
Search vendor "Cisco" for product "Vpn Client" and version "3.5.2"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
3.6.5
Search vendor "Cisco" for product "Vpn Client" and version "3.6.5"
base, windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
4.7.00.0000
Search vendor "Cisco" for product "Vpn Client" and version "4.7.00.0000"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
4.8.00.0000
Search vendor "Cisco" for product "Vpn Client" and version "4.8.00.0000"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
4.8.00.0440
Search vendor "Cisco" for product "Vpn Client" and version "4.8.00.0440"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
4.8.1
Search vendor "Cisco" for product "Vpn Client" and version "4.8.1"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
4.8.01
Search vendor "Cisco" for product "Vpn Client" and version "4.8.01"
base, windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
4.8.02.0010
Search vendor "Cisco" for product "Vpn Client" and version "4.8.02.0010"
base, windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
4.9
Search vendor "Cisco" for product "Vpn Client" and version "4.9"
base, windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
5.0.00.340
Search vendor "Cisco" for product "Vpn Client" and version "5.0.00.340"
base, windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
5.0.01
Search vendor "Cisco" for product "Vpn Client" and version "5.0.01"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
5.0.01.0600
Search vendor "Cisco" for product "Vpn Client" and version "5.0.01.0600"
base, windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
5.0.2.0090
Search vendor "Cisco" for product "Vpn Client" and version "5.0.2.0090"
windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
5.0.02.0090
Search vendor "Cisco" for product "Vpn Client" and version "5.0.02.0090"
base, windows
Affected
Cisco
Search vendor "Cisco"
Vpn Client
Search vendor "Cisco" for product "Vpn Client"
0490
Search vendor "Cisco" for product "Vpn Client" and version "0490"
base, windows
Affected