CVE-2009-4118

Cisco VPN client for Windows <5.0.06.0100 - DoS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4118. PoCs published by Alex Hernandez, alt3kx.

AI-analyzed exploit summary This PoC exploits an integer overflow vulnerability in Cisco VPN Client versions 4.8.02.0010 and 5.0.x by passing a malformed buffer as a command-line argument to cvpnd.exe, causing a denial-of-service (DoS). The code checks for active Cisco VPN ports (TCP/UDP 62514) and attempts to crash the service.

Description

The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Alex Hernandez · textdoswindows

https://www.exploit-db.com/exploits/10190

View Code ZIP pw:eip

This PoC exploits an integer overflow vulnerability in Cisco VPN Client versions 4.8.02.0010 and 5.0.x by passing a malformed buffer as a command-line argument to cvpnd.exe, causing a denial-of-service (DoS). The code checks for active Cisco VPN ports (TCP/UDP 62514) and attempts to crash the service.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Cisco VPN Client versions 4.8.02.0010, 5.0.03.0560, 5.0.04.0300, 5.0.05.0290

No auth needed

Prerequisites: Cisco VPN Client installed on Windows · Local access to execute the PoC

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by alt3kx · poc

https://github.com/alt3kx/CVE-2009-4118

View Code ZIP pw:eip

This repository provides a technical overview of CVE-2009-4118, an integer overflow vulnerability in the Cisco VPN Client leading to a Denial of Service (DoS). It references Exploit-DB and Cisco's official advisory but does not include functional exploit code.

Classification

Writeup 80%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: Cisco VPN Client

No auth needed

Prerequisites: Network access to the target system running Cisco VPN Client

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37419

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3296

Vendor Advisory x_refsource_confirm

http://tools.cisco.com/security/center/viewAlert.x?alertId=19445

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37077

Scores

EPSS 0.0250

EPSS Percentile 82.7%

Details

Status published

Products (21)

cisco/vpn_client 2.0

cisco/vpn_client 3.0

cisco/vpn_client 3.0.5

cisco/vpn_client 3.1

cisco/vpn_client 3.5.1

cisco/vpn_client 3.5.1c

cisco/vpn_client 3.5.2

cisco/vpn_client 3.6.5 base

cisco/vpn_client 4.7.00.0000

cisco/vpn_client 4.8.00.0000

... and 11 more

Published Dec 01, 2009

Tracked Since Feb 18, 2026