Cisco VPN Client IPSec Driver Kernel Memory Corruption Vulnerability

Cisco VPN Client for Windows version 5.0.02.0090 contains a vulnerability that could allow a local attacker to cause the affected system to fail and restart, resulting in a denial of service (DoS) condition.

This vulnerability exists due to invalid memory operations. An attacker could exploit this vulnerability by running a program designed to make malicious requests to the affected application. As a result of processing these requests, the application could corrupt system memory,causing the system to fail and restart, thus denying service to legitimate users.

Proof-of-concept code exists that demonstrates a DoS condition.

Cisco has not confirmed this vulnerability and updates are not available.

An attacker must log on locally to an affected system and run a program designed to submit malicious input to the affected application. An exploit could cause the system to fail and restart, resulting in a DoS condition. No evidence exists demonstrating that memory corruption resulting from an exploit could be leveraged to execute arbitrary code.

Systems that could be most impacted by an exploit are multi-user systems. Because VPN client software is often deployed on dedicated or single-user systems, a DoS may only affect the attacker or one other user on the local system.