Cisco VPN Client on Windows Service Control Manager DoS
Low Nessus Plugin ID 42960
SynopsisThe VPN client installed on the remote Windows host has a local denial of service vulnerability.
DescriptionThe version of the Cisco VPN client installed on the remote host reportedly has a local denial of service vulnerability. The 'StartServiceCtrlDispatcher' function of the 'cvpnd' service is implemented improperly. Attempting to run 'cvpnd.exe' from the command line causes the service to stop. A local attacker could exploit this to tear down any active VPN sessions.
SolutionUpgrade to Cisco VPN Client version 5.0.06.0100 or later.