Denial of Service Vulnerability in Cisco VPN Client for Windows
CVE-2009-4118

Currently unrated

Key Information:

Vendor: Cisco
Status: Vpn Client
Vendor: CVE Published:; 1 December 2009

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The cvpnd service in the Cisco VPN Client for Windows prior to version 5.0.06.0100 is susceptible to a denial of service issue. This vulnerability arises when the StartServiceCtrlDispatcher function inadequately manages the ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error. An attacker with local access can exploit this weakness to manually initiate the cvpnd.exe process, leading to a crash of the service and a subsequent loss of VPN connectivity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-4118
Created by alt3kx

References

http://secunia.com/advisories/37419

third-party-advisoryx_refsource_SECUNIA

http://packetstormsecurity.org/0911-exploits/sybsec-adv17...

x_refsource_MISC

http://www.vupen.com/english/advisories/2009/3296

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Apr 2, 2018
👾
Exploit known to exist
Apr 2, 2018
Vulnerability published
Dec 1, 2009