CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.7 | $0-$5k | 0.00 |
A vulnerability was found in Microsoft Windows Server 2003 SP2 (Operating System) and classified as critical. This issue affects some unknown functionality of the component TCP/IP Stack. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
The weakness was shared 11/11/2014 by Matt Bergin with KoreLogic Security as MS14-070 as confirmed bulletin (Technet). The advisory is shared at technet.microsoft.com. The identification of this vulnerability is CVE-2014-4076 since 06/12/2014. The attack may be initiated remotely. A simple authentication is required for exploitation. Technical details are unknown but a public exploit is available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
A public exploit has been developed by KoreLogic in Python and been published 3 months after the advisory. The exploit is available at securityfocus.com. It is declared as highly functional. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 79130 (MS14-070: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins.
Applying the patch MS14-070 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (98340), Tenable (79130) and Exploit-DB (35936). The entries 68192 and 68190 are related to this item.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.3
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Author: KoreLogic
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 79130
Nessus Name: MS14-070: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 802074
OpenVAS Name: Microsoft Windows TCP/IP Privilege Elevation Vulnerability (2989935)
OpenVAS File: 🔍
OpenVAS Family: 🔍
MetaSploit ID: ms14_070_tcpip_ioctl.rb
MetaSploit Name: MS14-070 Windows tcpip!SetAddrOptions NULL Pointer Dereference
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Patch: MS14-070
Timeline
06/12/2014 🔍11/11/2014 🔍
11/11/2014 🔍
11/11/2014 🔍
11/11/2014 🔍
11/11/2014 🔍
11/11/2014 🔍
11/12/2014 🔍
11/12/2014 🔍
01/29/2015 🔍
01/29/2015 🔍
02/24/2022 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS14-070
Researcher: Matt Bergin
Organization: KoreLogic Security
Status: Confirmed
CVE: CVE-2014-4076 (🔍)
OVAL: 🔍
X-Force: 98340 - Microsoft Windows TCP/IP stack privilege escalation, Medium Risk
SecurityTracker: 1031190 - Windows TCP/IP Stack Object Handling Flaw Lets Local Users Gain Elevated Privileges
Vulnerability Center: 46996 - [MS14-070] Microsoft Windows TCP/IP Stack on Windows Server 2003 Local Privilege Escalation Vulnerability, Medium
SecurityFocus: 70976 - Microsoft Windows TCP/IP CVE-2014-4076 Local Privilege Escalation Vulnerability
OSVDB: 114532
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 11/12/2014 17:43Updated: 02/24/2022 16:20
Changes: 11/12/2014 17:43 (88), 08/19/2018 20:13 (11), 02/24/2022 16:20 (3)
Complete: 🔍
Cache ID: 18:7C9:103
No comments yet. Languages: en.
Please log in to comment.