Lucene search

[email protected]CVE-2004-2329

HistoryAug 16, 2005 - 4:00 a.m.

CVE-2004-2329

2005-08-1604:00:00

[email protected]

web.nvd.nist.gov

cve-2004-2329

kerio personal firewall

kpf 2.1.5

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.

Affected configurations

NVD

Node

keriopersonal_firewallMatch2.1.5

CPENameOperatorVersion
kerio:personal_firewallkerio personal firewalleq2.1.5

CPE	Name	Operator	Version
kerio:personal_firewall	kerio personal firewall	eq	2.1.5

References

secunia.com/advisories/10746/

www.osvdb.org/3748

www.securityfocus.com/bid/9525

www.securitytracker.com/alerts/2004/Jan/1008870.html

www.tuneld.com/news/?id=30

www.tuneld.com/_images/other/kpf_system_privileges.png

exchange.xforce.ibmcloud.com/vulnerabilities/14981

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2004-2329

cvelist1 nvd1