Buffer Overflow Vulnerability in WibuKey.sys by WIBU-SYSTEMS
CVE-2018-3990

9.3CRITICAL

Key Information:

Vendor

Wibu

Status
Wibukey
Vendor
CVE Published:
5 February 2019

What is CVE-2018-3990?

A vulnerability exists in the 0x8200E804 IOCTL handler of WibuKey.sys, present in WIBU-SYSTEMS software. An attacker can exploit this flaw by sending specially crafted IRP requests that lead to buffer overflow and kernel memory corruption, which could allow for privilege escalation. This vulnerability emphasizes the importance of safeguarding against unauthorized IRP requests and highlights potential risks associated with kernel-level components.

References

http://www.securityfocus.com/bid/107005
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-84456...
x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-76012...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.