CVE-2024-45181

7.8 HIGH

📋 TL;DR

This vulnerability in WibuKey64.sys driver allows attackers to send specially crafted packets that bypass bounds checking, leading to arbitrary address writes and kernel memory corruption. It affects all systems running WIBU-SYSTEMS WibuKey software versions before 6.70. This could enable local privilege escalation or system compromise.

💻 Affected Systems

Products:
  • WIBU-SYSTEMS WibuKey
Versions: All versions before 6.70
Operating Systems: Windows (64-bit)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WibuKey64.sys driver to be loaded and accessible. Typically affects systems using WIBU software protection/dongle technology.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via kernel privilege escalation leading to full administrative control, data theft, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation allowing attackers to gain SYSTEM privileges from a lower-privileged account.

🟢 If Mitigated

Limited impact if proper access controls prevent local user access or if the vulnerable driver is not loaded.

🌐 Internet-Facing: LOW - This appears to be a local driver vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Any internal user with local access could potentially exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of driver communication. Kernel exploitation requires careful memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.70

Vendor Advisory: https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-94453.pdf

Restart Required: Yes

Instructions:

1. Download WibuKey version 6.70 or later from wibu.com.
2. Install the update following vendor instructions.
3. Restart the system to load the patched driver.

🔧 Temporary Workarounds

Disable WibuKey driver

windows

Temporarily disable the vulnerable driver if WibuKey functionality is not required

sc stop WibuKey64
sc config WibuKey64 start= disabled

Restrict driver access

windows

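Apply strict ACLs to limit which users can interact with the driver. This ACL covers the driver file on disk only; access to a loaded driver's device object is governed by that device's own security descriptor, so treat this as a partial measure.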

icacls "C:\Windows\System32\drivers\WibuKey64.sys" /deny Users:(R,X)

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to systems running WibuKey
  • Monitor for suspicious driver interactions and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check WibuKey version in installed programs or driver version via 'driverquery /v | findstr WibuKey64'

Check Version:

driverquery /v | findstr WibuKey64

Verify Fix Applied:

Verify WibuKey version is 6.70 or higher and driver date is after patch release
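
The checks above combined into one script, added here as an example (not code from the vendor or from this page's source). It assumes the driver path and service name used elsewhere on this page, and that the driver file's version resource tracks the WibuKey release number; confirm that against the vendor advisory before relying on the verdict.

```powershell
# Added example: audit the local host for the vulnerable WibuKey64 driver.
# Assumptions: driver path and service name as used on this page, and that the
# driver file's version resource tracks the WibuKey release number.
$FixedVersion = [version]'6.70'
$DriverPath   = Join-Path $env:SystemRoot 'System32\drivers\WibuKey64.sys'
$ServiceName  = 'WibuKey64'

function Get-WibuKeyDriverStatus {
    $status = [ordered]@{
        Computer    = $env:COMPUTERNAME
        FileVersion = $null
        State       = 'NotRegistered'
        StartMode   = $null
        Verdict     = 'Driver not present'
    }

    # Win32_SystemDriver shows whether the driver is loaded now (State)
    # and whether it will load again at boot (StartMode).
    $drv = Get-CimInstance -ClassName Win32_SystemDriver `
        -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
    if ($drv) {
        $status.State     = $drv.State
        $status.StartMode = $drv.StartMode
    }

    if (Test-Path -LiteralPath $DriverPath) {
        $vi  = (Get-Item -LiteralPath $DriverPath).VersionInfo
        # Use the numeric fields; the FileVersion string may carry extra text.
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                              $vi.FileBuildPart, $vi.FilePrivatePart)
        $status.FileVersion = $ver.ToString()

        if ($ver -ge $FixedVersion) {
            $status.Verdict = 'Fixed version on disk'
        } elseif ($status.State -eq 'Running') {
            $status.Verdict = 'VULNERABLE: old driver is loaded'
        } elseif ($status.StartMode -eq 'Disabled') {
            $status.Verdict = 'Old driver on disk, service disabled (workaround in place)'
        } else {
            $status.Verdict = 'Old driver on disk, not loaded but can still start'
        }
    }
    [pscustomobject]$status
}

Get-WibuKeyDriverStatus | Format-List
```

A "Fixed version on disk" verdict on a host that has not been restarted since the update does not show that the patched driver is the one currently loaded.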

📡 Detection & Monitoring

Log Indicators:

  • Driver load events for WibuKey64.sys
  • Privilege escalation attempts
  • Unusual process creation from driver-related processes

Network Indicators:

  • Local inter-process communication with WibuKey driver

SIEM Query:

(EventID=7045 AND ServiceName="WibuKey64") OR (EventID=4688 AND ProcessName="WibuKey64.sys")
