CVE-2018-3989
MEDIUMWIBU-SYSTEMS WibuKey.sys 6.40 (Build 2400) - Kernel Memory Disclosure via 0x8200E804 IOCTL Handler
Title source: llmDescription
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107005
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf
Scores
CVSS v3
4.3
EPSS
0.0057
EPSS Percentile
42.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-908
Status
published
Products (1)
wibu/wibukey
6.40
Published
Feb 05, 2019
Tracked Since
Feb 18, 2026