Vulnerability Name: | CVE-2014-4973 (CCN-95381) | ||||||||
Assigned: | 2014-08-20 | ||||||||
Published: | 2014-08-20 | ||||||||
Updated: | 2014-09-24 | ||||||||
Summary: | The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-20 | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Wed Aug 20 2014 - 05:24:59 CDT CVE-2014-4973 - Privilege Escalation in ESET Windows Products Source: MITRE Type: CNA CVE-2014-4973 Source: FULLDISC Type: UNKNOWN 20140820 CVE-2014-4973 - Privilege Escalation in ESET Windows Products Source: CCN Type: ESET Web site Personal Firewall Source: CCN Type: BID-69294 Multiple ESET Products CVE-2014-4973 Heap Overflow Vulnerability Source: XF Type: UNKNOWN eset-cve20144973-priv-esc(95381) Source: MISC Type: Exploit https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/ | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||
BACK |