Zurück zur CVE-Übersicht
CVE-2014-5455
MEDIUM(5.3)CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Risk Signal Score13/100 — NIEDRIG
- CVSS 5.3 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
5.3
Technische Schwere
Beschreibung
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Referenzen
- http://osvdb.org/show/osvdb/109007
- http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Esc...
- http://www.exploit-db.com/exploits/34037
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php
- https://github.com/CVEProject/cvelist/pull/3909
- https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb...
- https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0...
- http://osvdb.org/show/osvdb/109007
- http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Esc...
- http://www.exploit-db.com/exploits/34037