Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-18019Improper Input Validation in Total Security

CWE-20Improper Input Validation4 documents4 sources
Severity
7.1HIGHNVD
EPSS
1.4%
top 19.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
K7computing Total Security
Timeline
PublishedJan 4
Latest updateMay 14

Description

In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

NVDk7computing/total_security< 15.1.0.305

🔴Vulnerability Details

2
GHSA
GHSA-6xcc-8jcr-hfj7: In K7 Total Security before 152022-05-14
CVEList
CVE-2017-18019: In K7 Total Security before 152018-01-04

💥Exploits & PoCs

1
Exploit-DB
K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read2017-10-23
CVE-2017-18019 — Improper Input Validation | cvebase