CVE-2014-5455

Exploit

EPSS 0.64%
Veröffentlicht 25.08.2014 16:55:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openvpn ≫ Openvpn Version2.1.28.0

Privatetunnel ≫ Privatetunnel Version2.3.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.68

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

http://osvdb.org/show/osvdb/109007

Broken Link

http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html

Exploit

http://www.exploit-db.com/exploits/34037

Exploit

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php

Exploit

https://github.com/CVEProject/cvelist/pull/3909

https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-5455

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5455

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5455

EUVD