PT-2017-13284 · Jungo · Windriver

Mr_Me

Published

2017-09-11

Updated

2018-10-17

CVE-2017-14153

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jungo WinDriver versions prior to 12.4.0

Description This issue allows local attackers to escalate privileges. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver, due to the failure to properly validate user-supplied data, which can result in a kernel pool overflow. This can be leveraged to execute arbitrary code under the context of the kernel.

Recommendations For Jungo WinDriver versions prior to 12.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-14153

Affected Products

Windriver

PT-2017-13284 · Jungo · Windriver

CVE-2017-14153

Weakness Enumeration

Related Identifiers

Affected Products

References · 4