CVE Vulnerability

CVE-2018-3989

An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657 Exploit Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf Third Party Advisory
http://www.securityfocus.com/bid/107005 Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
Configurations

Configuration 1
Information

Published : 2019-02-05 11:29

Updated : 2022-04-19 06:15

NVD link : CVE-2018-3989

Mitre link : CVE-2018-3989

Products Affected
No products.
CWE
CWE-908