Lucene search

Kaspersky LabKLA10108

HistoryNov 30, 2009 - 12:00 a.m.

KLA10108 DoS vulnerability in Cisco VPN client

2009-11-3000:00:00

Kaspersky Lab

threats.kaspersky.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.1%

JSON

Improper error handling was found in Cisco VPN Client. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited locally at a point related to the cvpnd service via cvpnd.exe manipulations.

Original advisories

Cisco bulletin

Related products

Cisco-VPN-Client

CVE list

CVE-2009-4118 warning

Solution

Update to latest version

Impacts

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

Cisco VPN Client versions 5.0.2.0090 and earlier

References

tools.cisco.com/security/center/viewAlert.x?alertId=19445

statistics.securelist.com/

threats.kaspersky.com/en/product/Cisco-VPN-Client/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.1%

JSON

Related for KLA10108