PT-2020-12663 · Winmagic · Winmagic Securedoc

Published

2020-06-22

Updated

2022-05-03

CVE-2020-11520

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WinMagic SecureDoc versions 8.5 and earlier

Description The issue allows local users to write to arbitrary kernel memory addresses due to the lack of pointer validation in the IOCTL dispatcher of the SDDisk2k.sys driver. This can result in privileged code execution.

Recommendations For versions 8.5 and earlier, consider disabling the SDDisk2k.sys driver until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the IOCTL dispatcher to minimize the risk of privileged code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2020-11520

Affected Products

Winmagic Securedoc

PT-2020-12663 · Winmagic · Winmagic Securedoc

CVE-2020-11520

Weakness Enumeration

Related Identifiers

Affected Products

References · 5