| Vulnerability Name: | CVE-2014-4974 (CCN-98312) | ||||||||
| Assigned: | 2014-10-28 | ||||||||
| Published: | 2014-10-28 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N) 1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-4974 Source: MISC Type: UNKNOWN http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html Source: CCN Type: Full Disclosure Mailing List, Tue, 28 Oct 2014 13:53:57 +0000 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products Source: FULLDISC Type: UNKNOWN 20141028 CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products Source: CCN Type: ESET Web site Smart Security Source: BID Type: UNKNOWN 70770 Source: CCN Type: BID-70770 Multiple ESET Products CVE-2014-4974 Local Information Disclosure Vulnerability Source: XF Type: UNKNOWN eset-cve20144974-info-disc(98312) Source: XF Type: UNKNOWN eset-cve20144974-info-disc(98312) Source: MISC Type: UNKNOWN https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/ | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||