Vulnerability Details : CVE-2014-2382
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.
Vulnerability category: Execute code, Denial of service
Products affected by CVE-2014-2382
- cpe:2.3:a:faronics:deep_freeze:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:faronics:deep_freeze:*:*:*:*:standard:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2382
- EPSS score: 0.15% (probability of exploitation activity in the next 30 days)
- Percentile: ~51% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-2382
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2014-2382
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2382
- http://packetstormsecurity.com/files/129172/Faronics-Deep-Freeze-Arbitrary-Code-Execution.html
  Faronics Deep Freeze Arbitrary Code Execution ≈ Packet Storm (Exploit)
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2382/
  cve-2014-2382 - Portcullis (Exploit)
- http://seclists.org/fulldisclosure/2014/Nov/52
  Full Disclosure: CVE-2014-2382 - Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise (Exploit)