Lucene search

[email protected]CVE-2004-2329

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2329

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2329

kerio personal firewall

kpf 2.1.5

privilege escalation

nvd

8 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.3%

JSON

Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.

CPENameOperatorVersion
kerio:personal_firewallkerio personal firewalleq2.1.5

CPE	Name	Operator	Version
kerio:personal_firewall	kerio personal firewall	eq	2.1.5

References

secunia.com/advisories/10746/

www.osvdb.org/3748

www.securityfocus.com/bid/9525

www.securitytracker.com/alerts/2004/Jan/1008870.html

www.tuneld.com/news/?id=30

www.tuneld.com/_images/other/kpf_system_privileges.png

exchange.xforce.ibmcloud.com/vulnerabilities/14981

8 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.3%

JSON

Related for CVE-2004-2329

cvelist1