CVE-2008-2926

EPSS 0.06%
Published 12.08.2008 23:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Broadcom ≫ Internet Security Suite Version3.0

Ca ≫ Host Based Intrusion Prevention System Versionr8

Ca ≫ Internet Security Suite 2008

Ca ≫ Personal Firewall 2007

Ca ≫ Personal Firewall 2008

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.146

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/31434

Patch

Vendor Advisory

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559

http://www.securityfocus.com/archive/1/495397/100/0/threaded

http://www.securityfocus.com/bid/30651

http://www.securitytracker.com/id?1020658

http://www.securitytracker.com/id?1020659

http://www.securitytracker.com/id?1020660

http://www.vupen.com/english/advisories/2008/2339

https://exchange.xforce.ibmcloud.com/vulnerabilities/44392

https://nvd.nist.gov/vuln/detail/CVE-2008-2926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2926

EUVD