CVE-2014-5455

high

Description

Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.

References

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05325943

https://github.com/CVEProject/cvelist/pull/3909/commits/ace34f1cf94602f31760d3eb7ae68e17df8f914d

https://github.com/CVEProject/cvelist/pull/3909

Details

Source: Mitre, NVD

Published: 2014-08-25

Updated: 2020-06-01

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High