{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-09-23T14:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/"}, {"name": "20140820 CVE-2014-4973 - Privilege Escalation in ESET Windows Products", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Aug/52"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4973", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/", "refsource": "MISC", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/"}, {"name": "20140820 CVE-2014-4973 - Privilege Escalation in ESET Windows Products", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Aug/52"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:36.531Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/"}, {"name": "20140820 CVE-2014-4973 - Privilege Escalation in ESET Windows Products", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Aug/52"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4973", "datePublished": "2014-09-23T15:00:00", "dateReserved": "2014-07-15T00:00:00", "dateUpdated": "2024-08-06T11:34:36.531Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:smart_security:5.0.94:*:*:*:*:*:*:*", "matchCriteriaId": "B6C5C72A-8668-4B1C-8D1E-0968A8A0AFEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security:5.0.95:*:*:*:*:*:*:*", "matchCriteriaId": "CB520877-84B0-4728-9F98-C186A536C1C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security:5.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "56738037-06F6-4FD1-AE46-FA18664256A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security:5.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "FFD5AF33-7663-4387-8FF7-48E0C3E1754F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security:6.0.306:*:*:*:*:*:*:*", "matchCriteriaId": "1C6C6312-9A9A-4D7C-B853-64983076D27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security:6.0.308:*:*:*:*:*:*:*", "matchCriteriaId": "1F03CE87-5432-484B-9428-4A59D6A34DA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security:6.0.314:*:*:*:*:*:*:*", "matchCriteriaId": "4E374A62-36AB-446D-8C10-F57DDBE2B45F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:smart_security:6.0.316:*:*:*:*:*:*:*", "matchCriteriaId": "3B472F40-771C-4D80-A005-F203025300BF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eset:endpoint_security:5.0.2113:*:*:*:*:*:*:*", "matchCriteriaId": "5C76A864-D9CC-43C2-88E1-55D0CC696601", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:5.0.2122:*:*:*:*:*:*:*", "matchCriteriaId": "B01E66DD-E3B4-413A-A73D-7FEA4C5C1342", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:5.0.2126:*:*:*:*:*:*:*", "matchCriteriaId": "0CAEC019-865A-49CF-B9B7-7DAF2EAFDFA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:5.0.2214:*:*:*:*:*:*:*", "matchCriteriaId": "B23B1663-D74C-4B1B-A0BF-F68B327E8F99", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:5.0.2225:*:*:*:*:*:*:*", "matchCriteriaId": "057902A1-D019-43A9-8A3A-D9C14A4200A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:eset:endpoint_security:5.0.2228:*:*:*:*:*:*:*", "matchCriteriaId": "98974D2B-5561-43B2-9EB8-0B5617A2FA88", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call."}, {"lang": "es", "value": "El controlador del filtro NIDS de ESET Personal Firewall (EpFwNdis.sys) en el m\u00f3dulo del Firewall Build 1183 (20140214) y anteriores en productos ESET Smart Security y ESET Endpoint Security 5.0 hasta 7.0 permite a usuarios locales ganar privilegios a trav\u00e9s de un argumento manipulado en una llamada IOCTL 0x830020CC."}], "id": "CVE-2014-4973", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-23T15:55:06.480", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2014/Aug/52"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2014/Aug/52"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-4973/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}