CVE-2017-17429

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 83.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

K7computing Antivirus K7computing Endpoint K7computing Internet Security +2 more

Timeline

PublishedJan 16

Latest updateMay 13

Description

In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDk7computing/antivirus< 15.1.0.53+1

▶NVDk7computing/endpoint< 14.2.0137

▶NVDk7computing/total_security< 15.1.0324+1

▶NVDk7computing/internet_security< 15.1.0297

▶NVDk7computing/ultimate_security< 15.1.0324

🔴Vulnerability Details

GHSA

GHSA-r9mg-3q2x-5r7p: In K7 Antivirus Premium before 15↗2022-05-13

▶

CVEList

CVE-2017-17429: In K7 Antivirus Premium before 15↗2018-01-16

▶