Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-3956Client vulnerability

CWE-2646 documents5 sources
Severity
7.2HIGHNVD
EPSS
2.2%
top 15.72%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Client
Timeline
PublishedJul 31
Latest updateMay 17

Description

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDnovell/client2.0, 4.91+1

🔴Vulnerability Details

3
GHSA
GHSA-5844-j43c-g95g: The NICM2022-05-17
CVEList
CVE-2013-3956: The NICM2013-07-31
VulnCheck
Novell Client for Windows NICM.SYS Local Privilege Escalation Vulnerability2013

💥Exploits & PoCs

2
Exploit-DB
Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation2013-07-29
Exploit-DB
Novell Client 2 SP3 - 'nicm.sys' Local Privilege Escalation (Metasploit)2013-06-26
CVE-2013-3956 — Novell Client vulnerability | cvebase