Denial of Service Flaw in Jungo DriverWizard Driver by Jungo
CVE-2018-10072

5.5MEDIUM

Key Information:

Vendor: Jungo
Status: Windriver
Vendor: CVE Published:; 12 April 2018

What is CVE-2018-10072?

The windrvr1260.sys component in Jungo DriverWizard version 12.6.0 is susceptible to a denial of service attack. By leveraging a specific DeviceIoControl call (0x953827bf), an attacker can trigger a Blue Screen of Death (BSOD), causing the system to crash. This vulnerability poses significant risks by undermining the stability of affected systems, making it crucial for users to apply necessary updates and patches to mitigate potential disruptions.

References

https://github.com/bigric3/windrvr1260_poc3

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 12, 2018