Vulnerability Details CVE-2014-2382
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.1%
CVSS Severity
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/129172/Faronics-Deep-Freeze-Arbitrary-Code-Execution.html
- http://seclists.org/fulldisclosure/2014/Nov/52
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2382/
- http://packetstormsecurity.com/files/129172/Faronics-Deep-Freeze-Arbitrary-Code-Execution.html
- http://seclists.org/fulldisclosure/2014/Nov/52
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2382/
Products affected by CVE-2014-2382
-
cpe:2.3:a:faronics:deep_freeze:*
-
cpe:2.3:a:faronics:deep_freeze:5.30.220.1180
-
cpe:2.3:a:faronics:deep_freeze:5.30.220.1181
-
cpe:2.3:a:faronics:deep_freeze:5.40.220.1238
-
cpe:2.3:a:faronics:deep_freeze:5.40.220.1248
-
cpe:2.3:a:faronics:deep_freeze:5.50.220.1288
-
cpe:2.3:a:faronics:deep_freeze:5.50.220.1299
-
cpe:2.3:a:faronics:deep_freeze:5.50.220.1302
-
cpe:2.3:a:faronics:deep_freeze:5.60.220.1347
-
cpe:2.3:a:faronics:deep_freeze:5.70.220.1372
-
cpe:2.3:a:faronics:deep_freeze:5.70.220.1378
-
cpe:2.3:a:faronics:deep_freeze:5.70.220.1425
-
cpe:2.3:a:faronics:deep_freeze:5.70.220.1426
-
cpe:2.3:a:faronics:deep_freeze:5.70.220.1453
-
cpe:2.3:a:faronics:deep_freeze:6.00.220.1523
-
cpe:2.3:a:faronics:deep_freeze:6.10.220.1616
-
cpe:2.3:a:faronics:deep_freeze:6.20.220.1692
-
cpe:2.3:a:faronics:deep_freeze:6.30.220.1818
-
cpe:2.3:a:faronics:deep_freeze:6.30.220.1819
-
cpe:2.3:a:faronics:deep_freeze:6.30.220.1829
-
cpe:2.3:a:faronics:deep_freeze:6.30.220.1871
-
cpe:2.3:a:faronics:deep_freeze:6.30.220.1875
-
cpe:2.3:a:faronics:deep_freeze:6.30.220.1917
-
cpe:2.3:a:faronics:deep_freeze:6.30.220.1926
-
cpe:2.3:a:faronics:deep_freeze:6.30.220.1931
-
cpe:2.3:a:faronics:deep_freeze:6.40.220.1968
-
cpe:2.3:a:faronics:deep_freeze:6.41.220.1973
-
cpe:2.3:a:faronics:deep_freeze:6.50.220.2651
-
cpe:2.3:a:faronics:deep_freeze:6.51.220.2725
-
cpe:2.3:a:faronics:deep_freeze:6.52.220.2735
-
cpe:2.3:a:faronics:deep_freeze:6.53.220.2763
-
cpe:2.3:a:faronics:deep_freeze:6.60.220.2771
-
cpe:2.3:a:faronics:deep_freeze:6.61.220.2822
-
cpe:2.3:a:faronics:deep_freeze:6.62.220.3058
-
cpe:2.3:a:faronics:deep_freeze:7.00.220.3173
-
cpe:2.3:a:faronics:deep_freeze:7.10.220.3176
-
cpe:2.3:a:faronics:deep_freeze:7.20.220.3398
-
cpe:2.3:a:faronics:deep_freeze:7.21.220.3447
-
cpe:2.3:a:faronics:deep_freeze:7.30.220.3852
-
cpe:2.3:a:faronics:deep_freeze:7.40.220.3900
-
cpe:2.3:a:faronics:deep_freeze:7.50.220.4100
-
cpe:2.3:a:faronics:deep_freeze:7.51.220.4170
-
cpe:2.3:a:faronics:deep_freeze:7.60.220.4298
-
cpe:2.3:a:faronics:deep_freeze:7.61.220.4320
-
cpe:2.3:a:faronics:deep_freeze:7.70.220.4460
-
cpe:2.3:a:faronics:deep_freeze:7.71.220.4499
-
cpe:2.3:a:faronics:deep_freeze:7.72.220.4535