CVE-2017-17429

EUVD-2017-8594
In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
k7computingantivirus
𝑥
< 15.1.0.53
k7computingantivirus
𝑥
< 15.1.0308
k7computingendpoint
𝑥
< 14.2.0137
k7computinginternet_security
𝑥
< 15.1.0297
k7computingtotal_security
𝑥
< 15.1.0324
k7computingtotal_security
𝑥
< 16.0.0131
k7computingultimate_security
𝑥
< 15.1.0324
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-5th-December-2017
https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-5th-December-2017