CVE-2008-2926

2008-08-1223:41:00

CWE-20

[email protected]

web.nvd.nist.gov

security

vulnerability

kmxfw.sys

hips

denial of service

privilege escalation

nvd

6.7 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.9%

JSON

The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.

CPENameOperatorVersion
ca:internet_security_suite_2008ca internet security suite 2008eq*
ca:host_based_intrusion_prevention_systemca host based intrusion prevention systemeqr8
ca:personal_firewall_2007ca personal firewall 2007eq*
ca:personal_firewall_2008ca personal firewall 2008eq*
broadcom:internet_security_suitebroadcom internet security suiteeq3.0

CPE	Name	Operator	Version
ca:internet_security_suite_2008	ca internet security suite 2008	eq	*
ca:host_based_intrusion_prevention_system	ca host based intrusion prevention system	eq	r8
ca:personal_firewall_2007	ca personal firewall 2007	eq	*
ca:personal_firewall_2008	ca personal firewall 2008	eq	*
broadcom:internet_security_suite	broadcom internet security suite	eq	3.0