The vulnerability of the IOCTL processor 0x8200E804 of the software device with hardware security keys WibuKey allows a perpetrator to exploit memory access on the kernel level.

🗓️ 26 Feb 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in input/output control 0x8200E804 of WibuKey enables kernel memory access via crafted requests.

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of the IOCTL processor 0x8200E804 of the hardware security keys of the WibuKey software allows a perpetrator to cause kernel memory corruption.	26 Feb 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the WkbProgramLow function in the WibuKey Network Server Management security tool allows a hacker to trigger a service failure.	26 Feb 201900:00	–	bdu_fstec
Circl	CVE-2018-3989	29 Jan 201915:18	–	circl
CNVD	WIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL Kernel Information Disclosure Vulnerability	12 Feb 201900:00	–	cnvd
CVE	CVE-2018-3989	5 Feb 201922:00	–	cve
Cvelist	CVE-2018-3989	5 Feb 201922:00	–	cvelist
EUVD	EUVD-2018-15775	7 Oct 202500:30	–	euvd
ICS	WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)	12 Feb 201900:00	–	ics
ICS	WIBU SYSTEMS AG WibuKey Digital Rights Management (Update B)	12 Mar 201900:00	–	ics
NVD	CVE-2018-3989	5 Feb 201923:29	–	nvd

Vulners

Node

siemens_ag sicam_230Range≤7.20

OR

wibu-systems_ag wibukeyMatch6.40

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-3989
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2018-0657
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 22.1

CVSS 34.3

EPSS0.00138

input output control hex code 8200E804 WibuKey driver kernel memory access insufficient input validation