Description
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Alex Hernandez · textdoswindows
https://www.exploit-db.com/exploits/10190
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37419
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3296
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=19445
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37077
Scores
EPSS
0.0027
EPSS Percentile
50.9%
Details
Status
published
Products (21)
cisco/vpn_client
2.0
cisco/vpn_client
3.0
cisco/vpn_client
3.0.5
cisco/vpn_client
3.1
cisco/vpn_client
3.5.1
cisco/vpn_client
3.5.1c
cisco/vpn_client
3.5.2
cisco/vpn_client
3.6.5 base
cisco/vpn_client
4.7.00.0000
cisco/vpn_client
4.8.00.0000
... and 11 more
Published
Dec 01, 2009
Tracked Since
Feb 18, 2026