#VU16678 Heap-based buffer overflow in Wibukey - CVE-2018-3991 

 


Published: December 24, 2018


Vulnerability identifier: #VU16678
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-3991
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Wibukey
Software vendor: Wibu Systems

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in the WkbProgramLow function of WibuKey Network server management when handling malicious input. A remote attacker can supply a specially crafted TCP packet, trigger memory corruption and execute kernel-level code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.



Remediation

Update to version 6.50.
