// For flags

CVE-2015-1515

SoftSphere DefenseWall FW/IPS 3.24 - Local Privilege Escalation

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.

El controlador dwall.sys en SoftSphere DefenseWall Personal Firewall 3.24 permite a usuarios locales escribir datos a localizaciones de memoria arbitrarias, y como consecuencia ganar privilegios, a través de una llamada IOCTL 0x00222000, 0x00222004, 0x00222008, 0x0022200c, o 0x00222010 manipulada.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-02-06 CVE Reserved
  • 2015-02-11 First Exploit
  • 2015-02-19 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Softsphere
Search vendor "Softsphere"
 Defensewall Personal Firewall
Search vendor "Softsphere" for product "Defensewall Personal Firewall"
 3.24
Search vendor "Softsphere" for product "Defensewall Personal Firewall" and version "3.24"
-
Affected