VAR-201411-0062
Vulnerability from variot - Updated: 2023-12-18 13:29The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. Multiple ESET Products are prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. Both ESET Smart Security and ESET Endpoint Security are security package solutions from ESET in Slovakia, which include functions such as virus defense and cleaning, anti-spam and firewall; the former is the home version, and the latter is the business version. The vulnerability is caused by improper validation for some IOCTLs.
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/
Copyright: Copyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.
Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
This email originates from the systems of Portcullis
Computer Security Limited, a Private limited company,
registered in England in accordance with the Companies
Act under number 02763799. The registered office
address of Portcullis Computer Security Limited is:
Portcullis House, 2 Century Court, Tolpits Lane, Watford,
United Kingdom, WD18 9RS.
The information in this email is confidential and may be
legally privileged. It is intended solely for the addressee.
Any opinions expressed are those of the individual and
do not represent the opinion of the organisation. Access
to this email by persons other than the intended recipient
is strictly prohibited.
If you are not the intended recipient, any disclosure,
copying, distribution or other action taken or omitted to be
taken in reliance on it, is prohibited and may be unlawful.
When addressed to our clients any opinions or advice
contained in this email is subject to the terms and
conditions expressed in the applicable Portcullis Computer
Security Limited terms of business.
This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall ndis filter",
"scope": "lte",
"trust": 1.0,
"vendor": "eset",
"version": "1183_\\(20140214\\)"
},
{
"model": "personal firewall ndis filter",
"scope": "lt",
"trust": 0.8,
"vendor": "eset",
"version": "build 1212 (20140609)"
},
{
"model": "personal firewall ndis filter",
"scope": "eq",
"trust": 0.6,
"vendor": "eset",
"version": "1183_\\(20140214\\)"
},
{
"model": "smart security",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "0"
},
{
"model": "personal firewall module build",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "1183(20140214"
},
{
"model": "endpoint security",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "0"
},
{
"model": "personal firewall module build",
"scope": "ne",
"trust": 0.3,
"vendor": "eset",
"version": "1212(20140609"
}
],
"sources": [
{
"db": "BID",
"id": "70770"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"db": "NVD",
"id": "CVE-2014-4974"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eset:personal_firewall_ndis_filter:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1183_\\(20140214\\)",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4974"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyriakos Economou",
"sources": [
{
"db": "BID",
"id": "70770"
},
{
"db": "PACKETSTORM",
"id": "128874"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
],
"trust": 1.0
},
"cve": "CVE-2014-4974",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-4974",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-72915",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4974",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1369",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-72915",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72915"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"db": "NVD",
"id": "CVE-2014-4974"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. Multiple ESET Products are prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. Both ESET Smart Security and ESET Endpoint Security are security package solutions from ESET in Slovakia, which include functions such as virus defense and cleaning, anti-spam and firewall; the former is the home version, and the latter is the business version. \nThe vulnerability is caused by improper validation for some IOCTLs. \n\nFurther details at:\n\nhttps://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user\u0027s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. \n\n\n\n###############################################################\nThis email originates from the systems of Portcullis\nComputer Security Limited, a Private limited company, \nregistered in England in accordance with the Companies \nAct under number 02763799. The registered office \naddress of Portcullis Computer Security Limited is: \nPortcullis House, 2 Century Court, Tolpits Lane, Watford, \nUnited Kingdom, WD18 9RS. \nThe information in this email is confidential and may be \nlegally privileged. It is intended solely for the addressee. \nAny opinions expressed are those of the individual and \ndo not represent the opinion of the organisation. Access \nto this email by persons other than the intended recipient \nis strictly prohibited. \nIf you are not the intended recipient, any disclosure, \ncopying, distribution or other action taken or omitted to be \ntaken in reliance on it, is prohibited and may be unlawful. \nWhen addressed to our clients any opinions or advice \ncontained in this email is subject to the terms and \nconditions expressed in the applicable Portcullis Computer \nSecurity Limited terms of business. \n###############################################################\n\n#####################################################################################\nThis e-mail message has been scanned for Viruses and Content and cleared \nby MailMarshal. \n#####################################################################################\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4974"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"db": "BID",
"id": "70770"
},
{
"db": "VULHUB",
"id": "VHN-72915"
},
{
"db": "PACKETSTORM",
"id": "128874"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-72915",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72915"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4974",
"trust": 2.9
},
{
"db": "BID",
"id": "70770",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "128874",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005235",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1369",
"trust": 0.7
},
{
"db": "XF",
"id": "98312",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72915",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72915"
},
{
"db": "BID",
"id": "70770"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"db": "PACKETSTORM",
"id": "128874"
},
{
"db": "NVD",
"id": "CVE-2014-4974"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
]
},
"id": "VAR-201411-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-72915"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:29:39.589000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Windows\u7528\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u30d1\u30fc\u30bd\u30ca\u30eb\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u6a5f\u80fd\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\uff08JVNDB-2014-005235\uff09\u3078\u306e\u5bfe\u5fdc\u72b6\u6cc1\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://canon-its.jp/supp/eset/notify20141118.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72915"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"db": "NVD",
"id": "CVE-2014-4974"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/70770"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2014/oct/118"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128874/eset-7.0-kernel-memory-leak.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98312"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4974"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4974"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/98312"
},
{
"trust": 0.3,
"url": "http://www.eset.com/smartsecurity/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4974"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72915"
},
{
"db": "BID",
"id": "70770"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"db": "PACKETSTORM",
"id": "128874"
},
{
"db": "NVD",
"id": "CVE-2014-4974"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-72915"
},
{
"db": "BID",
"id": "70770"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"db": "PACKETSTORM",
"id": "128874"
},
{
"db": "NVD",
"id": "CVE-2014-4974"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-72915"
},
{
"date": "2014-10-22T00:00:00",
"db": "BID",
"id": "70770"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"date": "2014-10-28T18:13:16",
"db": "PACKETSTORM",
"id": "128874"
},
{
"date": "2014-11-04T16:55:06.450000",
"db": "NVD",
"id": "CVE-2014-4974"
},
{
"date": "2014-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-72915"
},
{
"date": "2014-10-22T00:00:00",
"db": "BID",
"id": "70770"
},
{
"date": "2014-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005235"
},
{
"date": "2017-08-29T01:35:10.453000",
"db": "NVD",
"id": "CVE-2014-4974"
},
{
"date": "2014-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "70770"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ESET Used in products ESET Personal Firewall NDIS Vulnerability in the acquisition of important information in the filter kernel mode driver",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005235"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1369"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…