Cisco VPN Client on Windows Service Control Manager DoS

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.


Synopsis :

The VPN client installed on the remote Windows host has a local
denial of service vulnerability.

Description :

The version of the Cisco VPN client installed on the remote host
reportedly has a local denial of service vulnerability. The
'StartServiceCtrlDispatcher' function of the 'cvpnd' service is
implemented improperly. Attempting to run 'cvpnd.exe' from the
command line causes the service to stop. A local attacker could
exploit this to tear down any active VPN sessions.

See also :

http://www.exploit-db.com/exploits/10190
https://tools.cisco.com/security/center/viewAlert.x?alertId=19445

Solution :

Upgrade to Cisco VPN Client version 5.0.06.0100 or later.

Risk factor :

Low / CVSS Base Score : 1.4
(CVSS2#AV:L/AC:L/Au:M/C:N/I:N/A:P)
CVSS Temporal Score : 1.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 42960 (cisco_vpn_client_5_0_06_0100.nasl)

Bugtraq ID: 37077

CVE ID: CVE-2009-4118

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now