Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5724

CWE-2644 documents4 sources
Severity
7.2HIGH
EPSS
0.2%
top 57.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Eset Smart Security
Timeline
PublishedDec 26
Latest updateMay 17

Description

The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDeset/smart_security3.0.672+9

🔴Vulnerability Details

2
GHSA
GHSA-5cvq-8gr9-5xpq: The Personal Firewall driver (aka epfw2022-05-17
CVEList
CVE-2008-5724: The Personal Firewall driver (aka epfw2008-12-26

💥Exploits & PoCs

1
Exploit-DB
ESET Smart Security 3.0.672 - 'epfw.sys' Local Privilege Escalation2008-12-18
CVE-2008-5724 (HIGH CVSS 7.2) | The Personal Firewall driver (aka e | cvebase.io