Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4118

4 documents4 sources
Severity
2.1LOW
EPSS
0.3%
top 49.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco VPN Client
Timeline
PublishedDec 1
Latest updateMay 2

Description

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDcisco/vpn_client21 versions+20

🔴Vulnerability Details

2
GHSA
GHSA-r65m-rpw4-4w3f: The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd2022-05-02
CVEList
CVE-2009-4118: The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd2009-12-01

💥Exploits & PoCs

1
Exploit-DB
Cisco VPN Client - Integer Overflow Denial of Service2009-11-21
CVE-2009-4118 (LOW CVSS 2.1) | The StartServiceCtrlDispatcher func | cvebase.io