CVE-2009-4118

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

Published: Dec 1, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-4118
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / vpn_client	5.0.02.0090-base	5.0.02.0090-base.x
cisco / vpn_client	4.8.02.0010-base	4.8.02.0010-base.x
cisco / vpn_client	3.5.1c	3.5.1c.x
cisco / vpn_client	4.7.00.0000	4.7.00.0000.x
cisco / vpn_client	3.1	3.1.x
cisco / vpn_client	5.0.01.0600-base	5.0.01.0600-base.x
cisco / vpn_client	5.0.01	5.0.01.x
cisco / vpn_client	3.0	3.0.x
cisco / vpn_client	4.8.1	4.8.1.x
cisco / vpn_client	4.9-base	4.9-base.x
cisco / vpn_client	3.5.1	3.5.1.x
cisco / vpn_client	0490-base	0490-base.x
cisco / vpn_client	4.8.00.0440	4.8.00.0440.x
cisco / vpn_client	3.5.2	3.5.2.x
cisco / vpn_client	2.0	2.0.x
cisco / vpn_client	3.0.5	3.0.5.x
cisco / vpn_client	4.8.01-base	4.8.01-base.x
cisco / vpn_client	4.8.00.0000	4.8.00.0000.x
cisco / vpn_client	5.0.00.340-base	5.0.00.340-base.x
cisco / vpn_client	3.6.5-base	3.6.5-base.x
cisco / vpn_client	5.0.2.0090	5.0.2.0090.x

Vulnerability Database

289,697

CVE-2009-4118