CVE-2008-2926

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGH

EPSS

0.1%

top 82.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Internet Security Suite CA Host Based Intrusion Prevention System

Timeline

PublishedAug 12

Latest updateMay 1

Description

The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDca/host_based_intrusion_prevention_systemr8

▶NVDbroadcom/internet_security_suite3.0

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-6cmr-6f4q-j55j: The kmxfw↗2022-05-01

▶

CVEList

CVE-2008-2926: The kmxfw↗2008-08-12

▶

💬Community

Bugzilla

CVE-2008-4682 wireshark: DoS (app abort) via a malformed .ncf file with an unknown/unexpected packet type↗2008-10-23

▶