Vulnerability CVE-2014-4973


Published: 2014-09-23

Description:
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ESET Windows Products 7.0 Privilege Escalation
Kyriakos Economo...
21.08.2014

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
ESET -> Endpoint security 
ESET -> Firewall module build 1183 
ESET -> Smart security 

 References:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/
http://seclists.org/fulldisclosure/2014/Aug/52

Copyright 2024, cxsecurity.com

 

Back to Top