Podatność CVE-2009-4118


Publikacja: 2009-11-30   Modyfikacja: 2012-02-13

Opis:
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Med.
Cisco VPN Client Integer overflow (DOS) Proof Of Concept Code
alt3kx
03.12.2009

Typ:

CWE-Other

Producent: Cisco
Produkt: Vpn client 
Wersje:
5.0.2.0090
5.0.02.0090
5.0.01.0600
5.0.01
5.0.00.340
4.9
4.8.1
4.8.02.0010
4.8.01
4.8.00.0440
4.8.00.0000
4.7.00.0000
3.6.5
3.5.2
3.5.1c
3.5.1
3.1
3.0.5
3.0
2.0
0490

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
2.1/10
2.9/10
3.9/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Lokalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Brak
Częściowy

 Referencje:
http://www.vupen.com/english/advisories/2009/3296
http://www.securityfocus.com/bid/37077
http://tools.cisco.com/security/center/viewAlert.x?alertId=19445
http://secunia.com/advisories/37419
http://packetstormsecurity.org/0911-exploits/sybsec-adv17.txt

Podobne CVE
CVE-2019-1976
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improp...
CVE-2019-1939
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by t...
CVE-2019-12645
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to im...
CVE-2019-12644
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface...
CVE-2019-12635
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does ...
CVE-2019-12633
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to ...
CVE-2019-12632
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not pr...
CVE-2019-1977
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpo...

Copyright 2019, cxsecurity.com

 

Back to Top