Denial of Service Vulnerability in Cisco VPN Client for Windows
CVE-2009-4118

Currently unrated

Key Information:

Vendor

Cisco
Status
Vpn Client
Vendor
CVE Published:
1 December 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2009-4118?

The cvpnd service in the Cisco VPN Client for Windows prior to version 5.0.06.0100 is susceptible to a denial of service issue. This vulnerability arises when the StartServiceCtrlDispatcher function inadequately manages the ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error. An attacker with local access can exploit this weakness to manually initiate the cvpnd.exe process, leading to a crash of the service and a subsequent loss of VPN connectivity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-4118
Created by alt3kx

References

http://secunia.com/advisories/37419
third-party-advisoryx_refsource_SECUNIA
http://packetstormsecurity.org/0911-exploits/sybsec-adv17...
x_refsource_MISC
http://www.vupen.com/english/advisories/2009/3296
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability Reserved

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

JSON
.