CVE-2017-17429

Published: Jan 16, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

Affected (7)

Products: K7computing: Antivirus, Endpoint, Internet Security, Total Security, Ultimate Security

5 products

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
K7computing Antivirus	Before 15.1.0308
K7computing Antivirus	Before 15.1.0.53
K7computing Endpoint	Before 14.2.0137
K7computing Internet Security	Before 15.1.0297
K7computing Total Security	Before 15.1.0324
K7computing Total Security	Before 16.0.0131
K7computing Ultimate Security	Before 15.1.0324

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-5th-December-2017

Source: cve@mitre.org

Vendor Advisory

https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-5th-December-2017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.