Information disclosure in Wibukey - CVE-2018-3989
Published: December 24, 2018
Vulnerability identifier: #VU16680
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-3989
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Wibu Systems
Affected software:
Wibukey
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to information exposure in the 0x8200E804 IOCTL handler functionality when handling malicious input. A local attacker can send a specially crafted IRP request that causes the driver to return uninitialized memory, disclosing kernel memory.
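The bug class described above, as an added user-mode model (not Wibukey driver code): it decodes the control code 0x8200E804 into its CTL_CODE fields and contrasts a handler that reports more output bytes than it wrote with one that reports only what it initialized. The handler logic, the 64-byte buffer and the 0xA5 fill pattern are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields of a Windows I/O control code as packed by the CTL_CODE macro. */
struct ioctl_fields { unsigned device_type, access, function, method; };

static struct ioctl_fields decode_ioctl(uint32_t code) {
    struct ioctl_fields f;
    f.device_type = code >> 16;            /* bits 31..16 */
    f.access      = (code >> 14) & 0x3;    /* bits 15..14 */
    f.function    = (code >> 2) & 0xFFF;   /* bits 13..2  */
    f.method      = code & 0x3;            /* 0 = METHOD_BUFFERED */
    return f;
}

/* Model of a buffered-I/O handler (hypothetical logic): `sysbuf` stands in
 * for the shared system buffer, the return value for IoStatus.Information,
 * i.e. how many bytes are copied back to the caller. */
static size_t handler_leaky(uint8_t *sysbuf, size_t out_len) {
    uint32_t status = 0;
    if (out_len < sizeof status) return 0;
    memcpy(sysbuf, &status, sizeof status); /* only 4 bytes are written */
    return out_len;                         /* BUG: reports the whole buffer */
}

static size_t handler_fixed(uint8_t *sysbuf, size_t out_len) {
    uint32_t status = 0;
    if (out_len < sizeof status) return 0;
    memcpy(sysbuf, &status, sizeof status);
    return sizeof status;                   /* report only initialized bytes */
}

/* Count returned bytes that still hold the stale fill pattern. */
static size_t stale_bytes_returned(size_t (*h)(uint8_t *, size_t)) {
    uint8_t sysbuf[64];
    memset(sysbuf, 0xA5, sizeof sysbuf);    /* constructed stand-in for stale kernel data */
    size_t n = h(sysbuf, sizeof sysbuf), stale = 0;
    for (size_t i = 0; i < n; i++) stale += (sysbuf[i] == 0xA5);
    return stale;
}

int main(void) {
    struct ioctl_fields f = decode_ioctl(0x8200E804u);
    printf("type=0x%X access=%u function=0x%X method=%u\n",
           f.device_type, f.access, f.function, f.method);
    printf("stale bytes: leaky=%zu fixed=%zu\n",
           stale_bytes_returned(handler_leaky), stale_bytes_returned(handler_fixed));
    return 0;
}
```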
How to mitigate CVE-2018-3989
Update to version 6.50.