Lucene search

[email protected]NVD:CVE-2014-7136

HistoryDec 12, 2014 - 3:59 p.m.

CVE-2014-7136

2014-12-1215:59:07

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call.

Affected configurations

Nvd

Node

k7computingk7firewall_packet_driverRange≤14.0.1.15

VendorProductVersionCPE
k7computingk7firewall_packet_driver*cpe:2.3:a:k7computing:k7firewall_packet_driver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
k7computing	k7firewall_packet_driver	*	cpe:2.3:a:k7computing:k7firewall_packet_driver::::::::

References

packetstormsecurity.com/files/129474/K7-Computing-Multiple-Products-K7FWFilt.sys-Privilege-Escalation.html

seclists.org/fulldisclosure/2014/Dec/47

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7136/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

Related for NVD:CVE-2014-7136

cvelist1 cve1 openvas1 prion1