Lucene search

[email protected]CVE-2014-4974

HistoryNov 04, 2014 - 4:55 p.m.

CVE-2014-4974

2014-11-0416:55:06

CWE-200

[email protected]

web.nvd.nist.gov

cve-2014-4974

eset

personal firewall

ndis filter

epfwndis.sys

kernel mode driver

ioctl calls

information security

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.

Affected configurations

NVD

Node

esetpersonal_firewall_ndis_filterRange≤1183_\(20140214\)

CPENameOperatorVersion
eset:personal_firewall_ndis_filtereset personal firewall ndis filterle1183_\(20140214\)

CPE	Name	Operator	Version
eset:personal_firewall_ndis_filter	eset personal firewall ndis filter	le	1183_\(20140214\)

References

packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html

seclists.org/fulldisclosure/2014/Oct/118

www.securityfocus.com/bid/70770

exchange.xforce.ibmcloud.com/vulnerabilities/98312

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-4974

prion1 nvd1 cvelist1