Vulnerabilities > CVE-2009-4118 - Local Denial of Service vulnerability in Cisco VPN Client for Windows 'StartServiceCtrlDispatche'
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
Vulnerable Configurations
Exploit-Db
| description | Cisco VPN Client Integer Overflow (DOS). CVE-2009-4118. Dos exploit for windows platform |
| id | EDB-ID:10190 |
| last seen | 2016-02-01 |
| modified | 2009-11-21 |
| published | 2009-11-21 |
| reporter | Alex Hernandez |
| source | https://www.exploit-db.com/download/10190/ |
| title | Cisco VPN Client Integer Overflow DOS |
Nessus
| NASL family | Windows |
| NASL id | CISCO_VPN_CLIENT_5_0_06_0100.NASL |
| description | The version of the Cisco VPN client installed on the remote host reportedly has a local denial of service vulnerability. The |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 42960 |
| published | 2009-12-01 |
| reporter | This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/42960 |
| title | Cisco VPN Client on Windows Service Control Manager DoS |