Vulnerabilities > CVE-2018-3989 - Use of Uninitialized Resource vulnerability in Wibu Wibukey 6.40

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
wibu
CWE-908
NVD
Published: 2019-02-05
Updated: 2022-04-19

Summary

An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Wibu
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2018-0657
last seen2019-05-29
published2019-01-28
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0657
titleWIBU-SYSTEMS WibuKey.sys 0x8200E804 kernel memory information disclosure vulnerability

References