Denial of Service Vulnerability in Cisco Systems VPN Client IPSec Driver
CVE-2008-0324

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 17 January 2008

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-0324?

A vulnerability in the Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) allows local users to cause a denial of service (DoS) by invoking the 0x80002038 IOCTL with a small size value. This action leads to memory corruption, potentially crashing the application and disrupting service for the user.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-0324 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39694

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2008/0170

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1019240

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 17, 2008
👾
Exploit known to exist
Jan 17, 2008
Vulnerability published
Jan 17, 2008
Vulnerability Reserved
Jan 16, 2008

CVE-2008-0324 Data

JSON