Vulnerability Details : CVE-2009-4118
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
Vulnerability category: Denial of service
Products affected by CVE-2009-4118
- cpe:2.3:a:cisco:vpn_client:3.5.1:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.2:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:2.0:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.0:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.1:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.0.5:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.5.1c:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:4.7.00.0000:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:4.8.00.0000:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:4.8.1:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:5.0.2.0090:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:3.6.5:base:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:5.0.02.0090:base:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:4.8.01:base:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:4.8.02.0010:base:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:4.9:base:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:5.0.00.340:base:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:5.0.01:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:4.8.00.0440:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:0490:base:windows:*:*:*:*:*
- cpe:2.3:a:cisco:vpn_client:5.0.01.0600:base:windows:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-4118
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-4118
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
References for CVE-2009-4118
Jump to