- Description
- The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589"
},
{
"criteria": "cpe:2.3:a:ca:host_based_intrusion_prevention_system:r8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "051FF92A-292B-4F5F-929C-4F0E654F4B87"
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0281F80B-CF9C-482D-B7A9-3B2651BD0567"
},
{
"criteria": "cpe:2.3:a:ca:personal_firewall_2007:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DFE4A13-0C9A-44A9-B74F-7E87D0F8DE4C"
},
{
"criteria": "cpe:2.3:a:ca:personal_firewall_2008:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "853DBC05-6624-43CD-A9E3-65F93B58BB99"
}
],
"operator": "OR"
}
]
}
]