6.9
CVE-2014-5455
- EPSS 0.95%
- Veröffentlicht 25.08.2014 16:55:04
- Zuletzt bearbeitet 28.05.2026 18:16:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Privatetunnel ≫ Privatetunnel Version2.3.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.566 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 1.8 | 3.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-428 Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
http://osvdb.org/show/osvdb/109007
http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html
http://www.exploit-db.com/exploits/34037
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php
https://github.com/CVEProject/cvelist/pull/3909
https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943