4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.
CPE | Name | Operator | Version |
---|---|---|---|
comodo:comodo_firewall_pro | comodo comodo firewall pro | le | 2.4.17.183 |
lists.grok.org.uk/pipermail/full-disclosure/2007-February/052461.html
osvdb.org/45243
securityreason.com/securityalert/2279
www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php
www.securityfocus.com/archive/1/460209/100/100/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/32530