CVE-2017-7720 - OpenCVE

Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Privatetunnel	Privatetunnel

Configuration 1 [-]

OR	cpe:2.3:a:privatetunnel:privatetunnel:2.7:::::::*
	cpe:2.3:a:privatetunnel:privatetunnel:2.8:::::::*

References

Link	Resource
https://www.exploit-db.com/exploits/41916/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-26T14:00:00

Updated: 2017-04-26T12:57:01

Reserved: 2017-04-12T00:00:00

Link: CVE-2017-7720

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-26T14:59:00.257

Modified: 2017-05-03T13:15:38.610

Link: CVE-2017-7720

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:privatetunnel:privatetunnel:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "FA31177F-EEEE-4886-A4C1-83AA80C921F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:privatetunnel:privatetunnel:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "67325F37-5868-4F99-863A-2C7D81AB8B52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password."}, {"lang": "es", "value": "Un desbordamiento de buffer en PrivateTunnel 2.7 y 2.8 permite a un atacante local causar una denegaci\u00f3n de servicio (sobreescritura de SEH) a trav\u00e9s de una contrase\u00f1a larga."}], "id": "CVE-2017-7720", "lastModified": "2017-05-03T13:15:38.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-26T14:59:00.257", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41916/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}