CVE-2018-3989
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Existe una vulnerabilidad de exposición de memoria del kernel explotable en la funcionalidad del gestor IOCTL 0x8200E804 de WibuKey.sys de WIBI-SYSTEMS, en su versión 6.40 (en el build 2400). Una petición IRP especialmente manipulada puede causar que el controlador devuelva memoria no inicializada, conduciendo a una exposición de la memoria del kernel. Un atacante puede enviar una petición IRP para provocar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-02 CVE Reserved
- 2019-02-05 CVE Published
- 2024-01-30 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-908: Use of Uninitialized Resource
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107005 | Third Party Advisory | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf | Third Party Advisory |
|
| https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf | Third Party Advisory |
|
| https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf | X_refsource_confirm |
|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wibu Search vendor "Wibu" | Wibukey Search vendor "Wibu" for product "Wibukey" | 6.40 Search vendor "Wibu" for product "Wibukey" and version "6.40" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|