#VU16680 Information disclosure in Wibukey - CVE-2018-3989
Published: December 24, 2018
Vulnerability identifier: #VU16680
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-3989
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Wibukey
Software vendor:
Wibu Systems
Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness is an information exposure in the handler for IOCTL 0x8200E804 when it processes malicious input. A local attacker can send a specially crafted IRP request that causes the driver to return uninitialized memory, disclosing kernel memory.
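The class of bug described above, modelled in user-space C as an added example (not Wibukey driver code; the advisory does not detail the root cause): a handler that reports more output bytes than it initialized, beside a hardened form. The reply layout, the function names and the 0xAA stale-data marker are constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover kernel data */

/* Hypothetical reply layout; the real driver's structures are not on the page. */
struct reply { uint32_t status; };

/* Vulnerable pattern: initializes 4 bytes but reports the caller's full
 * length, so everything past the reply goes back to user mode untouched. */
size_t handler_vulnerable(uint8_t *sysbuf, size_t out_len) {
    struct reply r = { 0 };
    if (out_len < sizeof r) return 0;
    memcpy(sysbuf, &r, sizeof r);
    return out_len;              /* bug: bytes returned > bytes initialized */
}

/* Hardened pattern: clear the whole output region first and report only
 * the number of bytes the handler actually produced. */
size_t handler_hardened(uint8_t *sysbuf, size_t out_len) {
    struct reply r = { 0 };
    if (out_len < sizeof r) return 0;
    memset(sysbuf, 0, out_len);
    memcpy(sysbuf, &r, sizeof r);
    return sizeof r;
}

/* Counts stale bytes visible to the caller in the first `returned` bytes. */
size_t leaked_bytes(const uint8_t *buf, size_t returned) {
    size_t n = 0;
    for (size_t i = 0; i < returned; i++) if (buf[i] == STALE) n++;
    return n;
}

/* Runs one handler on a buffer pre-filled with stale data (simulating an
 * unzeroed pool allocation) and returns how many stale bytes it exposes. */
size_t run_case(size_t (*handler)(uint8_t *, size_t), size_t out_len) {
    uint8_t sysbuf[64];
    if (out_len > sizeof sysbuf) out_len = sizeof sysbuf;
    memset(sysbuf, STALE, sizeof sysbuf);
    return leaked_bytes(sysbuf, handler(sysbuf, out_len));
}

int main(void) {
    printf("vulnerable: %zu stale bytes\n", run_case(handler_vulnerable, 64));
    printf("hardened:   %zu stale bytes\n", run_case(handler_hardened, 64));
    return 0;
}
```

The same two checks apply when reviewing any driver's IOCTL paths: the reported completion length must never exceed the bytes the handler wrote, and the output region should be zeroed before use.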
Remediation
Update to version 6.50.