Vulnerabilities > CVE-2018-3989 - Use of Uninitialized Resource vulnerability in Wibu Wibukey 6.40

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
wibu
CWE-908

Summary

An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Wibu
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2018-0657
last seen2019-05-29
published2019-01-28
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0657
titleWIBU-SYSTEMS WibuKey.sys 0x8200E804 kernel memory information disclosure vulnerability