Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2007-0708 — Firewall PRO vulnerability
4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 62.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedFeb 4
Latest updateMay 1
Description
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
CVSS vector
AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0