CVE-2024-1096 - OpenCVE

Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Filseclab	Twister Antivirus

Configuration 1 [-]

cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*

References

Link	Resource
http://www.filseclab.com/en-us/products/twister.htm	Product
https://fluidattacks.com/advisories/holiday/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2024-02-13T14:53:20.381Z

Updated: 2024-03-08T22:03:21.793Z

Reserved: 2024-01-31T03:21:37.102Z

Link: CVE-2024-1096

JSON object: View

NVD Information

Status : Modified

Published: 2024-02-13T15:15:08.217

Modified: 2024-03-21T02:51:34.720

Link: CVE-2024-1096

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-1096", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "state": "PUBLISHED", "assignerShortName": "Fluid Attacks", "dateReserved": "2024-01-31T03:21:37.102Z", "datePublished": "2024-02-13T14:53:20.381Z", "dateUpdated": "2024-03-08T22:03:21.793Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Twister Antivirus", "vendor": "Filseclab", "versions": [{"status": "affected", "version": "8.17"}]}], "datePublic": "2024-06-02T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the <code>0x80112067</code>, <code>0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F,</code> <code>0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F,</code> <code>0x80112073, 0x80112077, 0x80112078, 0x8011207C</code> and <code>0x80112080</code> IOCTL codes of the <code>fildds.sys</code> driver."}], "value": "Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F,\u00a00x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F,\u00a00x80112073, 0x80112077, 0x80112078, 0x8011207C\u00a0and 0x80112080\u00a0IOCTL codes of the fildds.sys\u00a0driver."}], "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2024-03-08T22:03:21.793Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://fluidattacks.com/advisories/holiday/"}, {"tags": ["product"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}], "source": {"discovery": "UNKNOWN"}, "title": "Twister Antivirus v8.17 - Denial of Service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}