CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
26.1%
Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.
Vendor | Product | Version | CPE |
---|---|---|---|
comodo | comodo_firewall_pro | * | cpe:2.3:a:comodo:comodo_firewall_pro:*:*:*:*:*:*:*:* |
lists.grok.org.uk/pipermail/full-disclosure/2007-February/052461.html
osvdb.org/45243
securityreason.com/securityalert/2279
www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php
www.securityfocus.com/archive/1/460209/100/100/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/32530