CVE-2014-4974

medium

Description

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls.

References

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4974/

https://exchange.xforce.ibmcloud.com/vulnerabilities/98312

http://www.securityfocus.com/bid/70770

http://seclists.org/fulldisclosure/2014/Oct/118

http://packetstormsecurity.com/files/128874/ESET-7.0-Kernel-Memory-Leak.html

Details

Source: Mitre, NVD

Published: 2014-11-04

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00146