Lucene search

[email protected]CVE-2008-0324

HistoryJan 17, 2008 - 3:00 a.m.

CVE-2008-0324

2008-01-1703:00:00

CWE-399

[email protected]

web.nvd.nist.gov

cisco

vpn

client

cvpndrva.sys

denial of service

cve-2008-0324

6.5 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.

CPENameOperatorVersion
cisco:vpn_clientcisco vpn clienteq5.0.2.0090

CPE	Name	Operator	Version
cisco:vpn_client	cisco vpn client	eq	5.0.2.0090

References

secunia.com/advisories/28472

www.securityfocus.com/bid/27289

www.securitytracker.com/id?1019240

www.vupen.com/english/advisories/2008/0170

exchange.xforce.ibmcloud.com/vulnerabilities/39694

www.exploit-db.com/exploits/4911

6.5 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

Related for CVE-2008-0324

prion1 cvelist1 cisco1