Sign-up

ID

VAR-201907-0728


CVE

CVE-2019-14270


TITLE

plural Comodo Vulnerabilities related to security functions in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-007317

DESCRIPTION

Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. Attackers can exploit this vulnerability to escape the sandbox

Trust: 1.71

sources: NVD: CVE-2019-14270 // JVNDB: JVNDB-2019-007317 // VULHUB: VHN-146200

AFFECTED PRODUCTS

vendor:comodomodel:antivirusscope:lteversion:12.0.0.6870

Trust: 1.8

vendor:comodomodel:firewallscope:lteversion:12.0.0.6870

Trust: 1.8

vendor:comodomodel:internet securityscope:lteversion:12.0.0.6870

Trust: 1.0

vendor:comodomodel:internet securityscope:lteversion:premium 12.0.0.6870

Trust: 0.8

sources: JVNDB: JVNDB-2019-007317 // NVD: CVE-2019-14270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14270
value: HIGH

Trust: 1.0

NVD: CVE-2019-14270
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-1320
value: HIGH

Trust: 0.6

VULHUB: VHN-146200
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14270
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-146200
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14270
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-146200 // JVNDB: JVNDB-2019-007317 // CNNVD: CNNVD-201907-1320 // NVD: CVE-2019-14270

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-146200 // JVNDB: JVNDB-2019-007317 // NVD: CVE-2019-14270

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1320

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1320

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007317

PATCH
title:Top Pageurl:https://www.comodo.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-007317

EXTERNAL IDS
db:NVDid:CVE-2019-14270
Trust: 2.5
db:JVNDBid:JVNDB-2019-007317
Trust: 0.8
db:CNNVDid:CNNVD-201907-1320
Trust: 0.7
db:VULHUBid:VHN-146200
Trust: 0.1
sources:
            
            
            VULHUB: VHN-146200 // 
            
            
            
            JVNDB: JVNDB-2019-007317 // 
            
            
            
            CNNVD: CNNVD-201907-1320 // 
            
            
            
            NVD: CVE-2019-14270

REFERENCES
url:https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-14270
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14270
Trust: 0.8
sources:
            
            
            VULHUB: VHN-146200 // 
            
            
            
            JVNDB: JVNDB-2019-007317 // 
            
            
            
            CNNVD: CNNVD-201907-1320 // 
            
            
            
            NVD: CVE-2019-14270

SOURCES
db:VULHUBid:VHN-146200
db:JVNDBid:JVNDB-2019-007317
db:CNNVDid:CNNVD-201907-1320
db:NVDid:CVE-2019-14270

LAST UPDATE DATE
2024-11-23T23:08:22.541000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-146200date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-007317date:2019-08-07T00:00:00
db:CNNVDid:CNNVD-201907-1320date:2020-08-25T00:00:00
db:NVDid:CVE-2019-14270date:2024-11-21T04:26:20.270

SOURCES RELEASE DATE
db:VULHUBid:VHN-146200date:2019-07-25T00:00:00
db:JVNDBid:JVNDB-2019-007317date:2019-08-07T00:00:00
db:CNNVDid:CNNVD-201907-1320date:2019-07-25T00:00:00
db:NVDid:CVE-2019-14270date:2019-07-25T17:15:11.880