Lucene search

[email protected]CVE-2014-5455

HistoryAug 25, 2014 - 4:55 p.m.

CVE-2014-5455

2014-08-2516:55:04

CWE-428

[email protected]

web.nvd.nist.gov

cve-2014-5455

unquoted path vulnerability

ptservice

windows

privilege escalation

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

Affected configurations

NVD

Node

openvpnopenvpnMatch2.1.28.0

privatetunnelprivatetunnelMatch2.3.8

CPENameOperatorVersion
openvpn:openvpnopenvpneq2.1.28.0
privatetunnel:privatetunnelprivatetunneleq2.3.8

CPE	Name	Operator	Version
openvpn:openvpn	openvpn	eq	2.1.28.0
privatetunnel:privatetunnel	privatetunnel	eq	2.3.8

References

osvdb.org/show/osvdb/109007

packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html

www.exploit-db.com/exploits/34037

www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php

github.com/CVEProject/cvelist/pull/3909

github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d

h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CVE-2014-5455

cvelist1 prion1 hp1 nvd1 nessus1 openvas1