PT-2024-38845 · Faronics · Deep Freeze
Andres Roldan
·
Published
2024-10-02
·
Updated
2025-02-04
·
CVE-2024-8159
CVSS v3.1
6.4
Medium
| Vector | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
Deep Freeze version 9.00.020.5760
Description:
The issue is an out-of-bounds read vulnerability in the FarDisk.sys driver of Deep Freeze. It can be triggered by the 0x70014 IOCTL code. This vulnerability is locally exploitable and can lead to system compromise if not patched.
Recommendations:
For Deep Freeze version 9.00.020.5760, patch the system as soon as possible to prevent exploitation. As a temporary workaround, consider restricting access to the FarDisk.sys driver until a patch is available.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Deep Freeze