CVE-2014-5455

Exploit

EPSS 0.64%
Published 25.08.2014 16:55:04
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Openvpn ≫ Openvpn Version2.1.28.0

Privatetunnel ≫ Privatetunnel Version2.3.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.64%	0.68

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

http://osvdb.org/show/osvdb/109007

Broken Link

http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html

Exploit

http://www.exploit-db.com/exploits/34037

Exploit

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php

Exploit

https://github.com/CVEProject/cvelist/pull/3909

https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-5455

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5455

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5455

EUVD