PT-2004-3223 · Kerio · Kerio Personal Firewall

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2329

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Kerio Personal Firewall version 2.1.5

Description: The issue allows local users to execute arbitrary code with SYSTEM privileges. This is possible due to the Load button in the Firewall Configuration Files option not dropping privileges before opening the file loading dialog box.

Recommendations: For Kerio Personal Firewall version 2.1.5, consider restricting access to the Firewall Configuration Files option until a patch is available. As a temporary workaround, avoid using the Load button in the Firewall Configuration Files option to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2329

Affected Products

Kerio Personal Firewall

PT-2004-3223 · Kerio · Kerio Personal Firewall

CVE-2004-2329

Related Identifiers

Affected Products

References · 8