Insufficient Authentication in K7 Antivirus Premium Allows Unauthorized Access to Raw Hard Disk

Insufficient Authentication in K7 Antivirus Premium Allows Unauthorized Access to Raw Hard Disk

CVE-2017-17429 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL.

Learn more about our User Device Pen Test.