CVE-2019-14694 - OpenCVE

A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Comodo	Antivirus

Configuration 1 [-]

cpe:2.3:a:comodo:antivirus:12.0.0.6870:*:*:*:*:*:*:*

References

Link	Resource
http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html	Exploit Third Party Advisory
https://github.com/SouhailHammou/Exploits/blob/master/CVE-2019-14694%20-%20Comodo%20AV%20Sandbox%20Race%20Condition%20UAF/comodo_av_uaf_poc.c	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-28T19:12:32

Updated: 2019-08-28T19:12:32

Reserved: 2019-08-06T00:00:00

Link: CVE-2019-14694

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-08-28T20:15:10.670

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-14694

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-28T19:12:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2019-14694%20-%20Comodo%20AV%20Sandbox%20Race%20Condition%20UAF/comodo_av_uaf_poc.c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html", "refsource": "MISC", "url": "http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html"}, {"name": "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2019-14694%20-%20Comodo%20AV%20Sandbox%20Race%20Condition%20UAF/comodo_av_uaf_poc.c", "refsource": "MISC", "url": "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2019-14694%20-%20Comodo%20AV%20Sandbox%20Race%20Condition%20UAF/comodo_av_uaf_poc.c"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14694", "datePublished": "2019-08-28T19:12:32", "dateReserved": "2019-08-06T00:00:00", "dateUpdated": "2019-08-28T19:12:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:comodo:antivirus:12.0.0.6870:*:*:*:*:*:*:*", "matchCriteriaId": "2CCF7B67-C7D7-4E16-9568-CC54BC446851", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container."}, {"lang": "es", "value": "Se puede desencadenar un fallo use-after-free en el contenedor sandbox implementado en cmdguard.sys en Comodo Antivirus 12.0.0.6870 debido a una condici\u00f3n de carrera al manejar solicitudes IRP_MJ_CLEANUP en el minifiltro para notificaciones de cambio de directorio. Esto permite que un atacante provoque una denegaci\u00f3n de servicio (BSOD) cuando se ejecuta un ejecutable dentro del contenedor."}], "id": "CVE-2019-14694", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-28T20:15:10.670", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2019-14694%20-%20Comodo%20AV%20Sandbox%20Race%20Condition%20UAF/comodo_av_uaf_poc.c"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}