CVE-2014-5455

MEDIUM

Description

Unquoted Windows search path vulnerability in the ptservice service in PrivateTunnel 2.3.8, as bundled in OpenVPN 2.1.28.0 allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

References

http://osvdb.org/show/osvdb/109007

http://packetstormsecurity.com/files/127439/OpenVPN-Private-Tunnel-Privilege-Escalation.html

http://www.exploit-db.com/exploits/34037

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5192.php

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943

Details

Source: MITRE

Published: 2014-08-25

Updated: 2016-11-14

Type: CWE-428

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM