Lucene search

K

[email protected]NVD:CVE-2014-5455

HistoryAug 25, 2014 - 4:55 p.m.

CVE-2014-5455

2014-08-2516:55:04

CWE-428

[email protected]

web.nvd.nist.gov

1

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.0%

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

Affected configurations

NVD

Node

openvpnopenvpnMatch2.1.28.0

OR

privatetunnelprivatetunnelMatch2.3.8

References

osvdb.org/show/osvdb/109007

packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html

www.exploit-db.com/exploits/34037

www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php

github.com/CVEProject/cvelist/pull/3909

github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d

h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.0%

Related for NVD:CVE-2014-5455

cve1 cvelist1 hp1 prion1 nessus1 openvas1