Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0324

CWE-3995 documents5 sources
Severity
4.9MEDIUM
EPSS
0.6%
top 30.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco VPN Client
Timeline
PublishedJan 17
Latest updateMay 1

Description

Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

ā–¶NVDcisco/vpn_client5.0.2.0090

šŸ”“Vulnerability Details

2
GHSA
GHSA-x327-3g78-w8g3: Cisco Systems VPN Client IPSec Driver (CVPNDRVAā†—2022-05-01
ā–¶
CVEList
CVE-2008-0324: Cisco Systems VPN Client IPSec Driver (CVPNDRVAā†—2008-01-17
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Cisco VPN Client - IPSec Driver Local kernel system pool Corruption (PoC)ā†—2008-01-15
ā–¶

šŸ“‹Vendor Advisories

1
Cisco
Cisco VPN Client IPSec Driver Kernel Memory Corruption Vulnerabilityā†—2008-01-15
ā–¶
CVE-2008-0324 (MEDIUM CVSS 4.9) | Cisco Systems VPN Client IPSec Driv | cvebase.io