Lucene search

[email protected]CVE-2008-0779

HistoryFeb 14, 2008 - 12:00 p.m.

CVE-2008-0779

2008-02-1412:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-0779

fortinet forticlient

device driver

security vulnerability

kernel memory

arbitrary code execution

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.

Affected configurations

NVD

Node

fortinetforticlient_host_securityRange≤3.0mr5_patch_3

CPENameOperatorVersion
fortinet:forticlient_host_securityfortinet forticlient host securityle3.0

CPE	Name	Operator	Version
fortinet:forticlient_host_security	fortinet forticlient host security	le	3.0

References

kc.forticare.com/default.asp?id=3618

secunia.com/advisories/28975

securityreason.com/securityalert/3660

www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=47&Itemid=15

www.securityfocus.com/archive/1/488071/100/0/threaded

www.securityfocus.com/bid/27776

www.securitytracker.com/id?1019415

www.vupen.com/english/advisories/2008/0541/references

exchange.xforce.ibmcloud.com/vulnerabilities/40512

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-0779

cvelist1 nvd1 prion1 nessus1