
CVE-2008-2926

 

  • Severity Score: 7.2 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-06-30 CVE Reserved
  • 2008-08-12 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Broadcom | Internet Security Suite | 3.0 | - | Affected |
| Ca | Host Based Intrusion Prevention System | r8 | - | Affected |
| Ca | Internet Security Suite 2008 | * | - | Affected |
| Ca | Personal Firewall 2007 | * | - | Affected |
| Ca | Personal Firewall 2008 | * | - | Affected |