Kernel Memory Disclosure Vulnerability in WIBU-SYSTEMS WibuKey Driver
CVE-2018-3989

4.3MEDIUM

Key Information:

Vendor

Wibu

Status
Wibukey
Vendor
CVE Published:
5 February 2019

What is CVE-2018-3989?

A vulnerability resides in the 0x8200E804 IOCTL handler of the WibuKey.sys driver from WIBU-SYSTEMS, where an attacker can exploit a specially crafted IRP request. This exploitation leads to the disclosure of uninitialized memory in the kernel, allowing unauthorized access to sensitive information. Attackers targeting this flaw can potentially gain insights into the operating system's inner workings, emphasizing the need for timely remediation and effective security measures.

References

http://www.securityfocus.com/bid/107005
vdb-entryx_refsource_BID
https://talosintelligence.com/vulnerability_reports/TALOS...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-84456...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.