CVE-2014-5455
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Published at
2014-08-25T16:55Z
3533 days ago
Modified
2020-06-01T15:15Z
1426 days ago
CWE-428
Problem type
References
| URL | Type |
|---|---|
| 109007 http://osvdb.org/show/osvdb/109007 | OSVDB |
| packetstormsecurity.com http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html | MISC |
| 34037 http://www.exploit-db.com/exploits/34037 | EXPLOIT-DB |
| www.zeroscience.mk http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php | MISC |
| HPSBGN3551 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943 | HP |
| github.com https://github.com/CVEProject/cvelist/pull/3909 | MISC |
| github.com https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d | MISC |
GET https://vulnerabilitydata.com/api/details/CVE-2014-5455
{
"id": "CVE-2014-5455",
"published_date": "2014-08-25T16:55Z",
"last_modified_date": "2020-06-01T15:15Z",
"assigner": "cve@mitre.org",
"description": "Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.",
"references": [
{
"url": "http://osvdb.org/show/osvdb/109007",
"name": "109007",
"refsource": "OSVDB",
"tags": [
"Broken Link"
]
},
{
"url": "http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html",
"name": "http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html",
"refsource": "MISC",
"tags": [
"Exploit"
]
},
{
"url": "http://www.exploit-db.com/exploits/34037",
"name": "34037",
"refsource": "EXPLOIT-DB",
"tags": [
"Exploit"
]
},
{
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php",
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php",
"refsource": "MISC",
"tags": [
"Exploit"
]
},
{
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943",
"name": "HPSBGN3551",
"refsource": "HP",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/CVEProject/cvelist/pull/3909",
"name": "https://github.com/CVEProject/cvelist/pull/3909",
"refsource": "MISC",
"tags": []
},
{
"url": "https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d",
"name": "https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d",
"refsource": "MISC",
"tags": []
}
],
"impact": {
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9
},
"severity": "MEDIUM",
"exploitabilityScore": 3.4,
"impactScore": 10,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
},
"problem_type": "CWE-428"
}