Privilege Escalation Vulnerability in Jungo WinDriver Software
CVE-2017-14075

7.8HIGH

Key Information:

Vendor: Jungo
Status: Windriver
Vendor: CVE Published:; 11 September 2017

What is CVE-2017-14075?

A vulnerability exists in Jungo's WinDriver that allows local attackers to escalate their privileges. This issue arises from improper validation of user-supplied data in the processing of IOCTL 0x953824a7 within the windrvr1240 kernel driver. If an attacker manages to execute low-privileged code on the target system, they can exploit this flaw to perform an out-of-bounds write operation, ultimately gaining the ability to execute arbitrary code with kernel-level permissions.

References

http://packetstormsecurity.com/files/144045/Jungo-DriverW...

x_refsource_MISC

https://www.exploit-db.com/exploits/42625/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2017
Vulnerability Reserved
Aug 31, 2017