CVE-2024-1096

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

T

wister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver.

References

Link	Resource
http://www.filseclab.com/en-us/products/twister.htm	Product
https://fluidattacks.com/advisories/holiday/	Third Party Advisory
http://www.filseclab.com/en-us/products/twister.htm	Product
https://fluidattacks.com/advisories/holiday/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*

History

21 Nov 2024, 08:49

Type	Values Removed	Values Added
References	~~() http://www.filseclab.com/en-us/products/twister.htm - Product~~	() http://www.filseclab.com/en-us/products/twister.htm - Product
References	~~() https://fluidattacks.com/advisories/holiday/ - Third Party Advisory~~	() https://fluidattacks.com/advisories/holiday/ - Third Party Advisory

Information

Published : 2024-02-13 15:15

Updated : 2024-11-21 08:49

NVD link : CVE-2024-1096

Mitre link : CVE-2024-1096

CVE.ORG link : CVE-2024-1096

JSON object : View

Products Affected

twister_antivirus

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-1096", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-13T15:15:08.217", "references": [{"url": "http://www.filseclab.com/en-us/products/twister.htm", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://fluidattacks.com/advisories/holiday/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.filseclab.com/en-us/products/twister.htm", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://fluidattacks.com/advisories/holiday/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F,\u00a00x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F,\u00a00x80112073, 0x80112077, 0x80112078, 0x8011207C\u00a0and 0x80112080\u00a0IOCTL codes of the fildds.sys\u00a0driver."}, {"lang": "es", "value": "Twister Antivirus v8.17 permite la elevaci\u00f3n de privilegios en la computadora donde est\u00e1 instalado activando los c\u00f3digos IOCTL 0x80112067, 0x801120CB y 0x801120CC del controlador fildds.sys."}], "lastModified": "2024-11-21T08:49:47.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C900E994-BE87-4417-808D-42DEBF93920A"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}