Lucene search

[email protected]CVE-2014-7136

HistoryDec 12, 2014 - 3:59 p.m.

CVE-2014-7136

2014-12-1215:59:07

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-7136

k7fwfilt.sys

k7firewall

buffer overflow

kernel mode driver

nvd

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call.

Affected configurations

NVD

Node

k7computingk7firewall_packet_driverRange≤14.0.1.15

CPENameOperatorVersion
k7computing:k7firewall_packet_driverk7computing k7firewall packet driverle14.0.1.15

CPE	Name	Operator	Version
k7computing:k7firewall_packet_driver	k7computing k7firewall packet driver	le	14.0.1.15

References

packetstormsecurity.com/files/129474/K7-Computing-Multiple-Products-K7FWFilt.sys-Privilege-Escalation.html

seclists.org/fulldisclosure/2014/Dec/47

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

Related for CVE-2014-7136

nvd1 openvas1 cvelist1 prion1