CVE-2009-4118
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/12/2009
Last modified:
09/04/2025
Description
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:3.6.5:base:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:4.7.00.0000:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:4.8.00.0000:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:4.8.00.0440:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:4.8.01:base:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:4.8.02.0010:base:windows:*:*:*:*:* | ||
| cpe:2.3:a:cisco:vpn_client:4.9:base:windows:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt
- http://secunia.com/advisories/37419
- http://tools.cisco.com/security/center/viewAlert.x?alertId=19445
- http://www.securityfocus.com/bid/37077
- http://www.vupen.com/english/advisories/2009/3296
- http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt
- http://secunia.com/advisories/37419
- http://tools.cisco.com/security/center/viewAlert.x?alertId=19445
- http://www.securityfocus.com/bid/37077
- http://www.vupen.com/english/advisories/2009/3296