CVE-2024-7249 – Comodo Firewall Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7249
Comodo Firewall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the application to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-954 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-14270
https://notcve.org/view.php?id=CVE-2019-14270
Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. Comodo Antivirus hasta la versión 12.0.0.6870, Comodo Firewall hasta la versión 12.0.0.6870, y Comodo Internet Security Premium hasta la versión 12.0.0.6870, con la característica Comodo Container, son vulnerables a un escape del Sandbox. • https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall •
CVE-2018-17431 – Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17431
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. La consola web en Comodo UTM Firewall, en versiones anteriores a la 2.7.0, permite a los atacantes remotos ejecutar código arbitrario sin autenticarse mediante una URL manipulada. Comodo Unified Threat Management Web Console version 2.7.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/48825 https://github.com/Fadavvi/CVE-2018-17431-PoC https://github.com/sanan2004/CVE-2018-17431-Comodo http://packetstormsecurity.com/files/159246/Comodo-Unified-Threat-Management-Web-Console-2.7.0-Remote-Code-Execution.html https://drive.google.com/file/d/0BzFJhNQNHcoTbndsUmNjVWNGYWNJaWxYcWNyS2ZDajluTDFz/view https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437 • CWE-287: Improper Authentication •
CVE-2008-1736
https://notcve.org/view.php?id=CVE-2008-1736
Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. Comodo Firewall Pro anterior a 3.0 no valida adecuadamente algunos parámetros que enganchan con las funciones de la Tabla de Descriptores de Servicios del Sistema (SSDT), lo que permite a usuarios locales producir una denegación de servicio (caída del sistema) mediante (1) una estructura OBJECT_ATTRIBUTES manipulada en una llamada a la función NtDeleteFile, lo que conduce a una validación incorrecta de un resultado ZwQueryObject; y llamadas no especificadas a las funciones (2) NtCreateFile y (3) NtSetThreadContext, diferentes vectores que en CVE-2007-0709 • http://secunia.com/advisories/30006 http://securityreason.com/securityalert/3838 http://securitytracker.com/id?1019944 http://www.coresecurity.com/?action=item&id=2249 http://www.personalfirewall.comodo.com/release_notes.html http://www.securityfocus.com/archive/1/491405/100/0/threaded http://www.securityfocus.com/bid/28742 http://www.vupen.com/english/advisories/2008/1383 https://exchange.xforce.ibmcloud.com/vulnerabilities/42082 •
CVE-2007-2729
https://notcve.org/view.php?id=CVE-2007-2729
Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. Comodo Firewall Pro 2.4.18.184 y Comodo Personal Firewall 2.3.6.81, y posiblemente versiones anteriores de Comodo Firewall, no comprueba adecuadamente la equivalencia de identificadores de proceso para ciertas funciones de la API de Windows en el NT kernel 5.0 y superiores, lo cual permite a usuarios locales llamar a estas funciones, y evitar reglas del cortafuegos u obtener privilegios, mediante un identificador modificado que es una, dos o tres veces más grande que el identificador canónico. • http://osvdb.org/37375 http://securityreason.com/securityalert/2714 http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php http://www.securityfocus.com/archive/1/468643/100/0/threaded •