CVE-2024-1140 - Vulnerability Details - OpenCVE

Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Filseclab	Twister Antivirus

Configuration 1 [-]

cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.filseclab.com/en-us/products/twister.htm
https://fluidattacks.com/advisories/fitzgerald/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2024-02-13T15:05:22.732Z

Updated: 2024-08-16T19:09:05.288Z

Reserved: 2024-01-31T22:23:11.905Z

Link: CVE-2024-1140

Vulnrichment

Updated: 2024-08-01T18:26:30.606Z

NVD

Status : Modified

Published: 2024-02-13T15:15:08.437

Modified: 2024-11-21T08:49:53.403

Link: CVE-2024-1140

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1140", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "state": "PUBLISHED", "assignerShortName": "Fluid Attacks", "dateReserved": "2024-01-31T22:23:11.905Z", "datePublished": "2024-02-13T15:05:22.732Z", "dateUpdated": "2024-08-16T19:09:05.288Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Twister Antivirus", "vendor": "Filseclab", "versions": [{"status": "affected", "version": "8.17"}]}], "datePublic": "2024-02-06T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver."}], "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver."}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2024-02-13T15:05:22.732Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://fluidattacks.com/advisories/fitzgerald/"}, {"tags": ["product"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}], "source": {"discovery": "EXTERNAL"}, "title": "Twister Antivirus v8.17 - Out-of-bounds Read", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.606Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://fluidattacks.com/advisories/fitzgerald/"}, {"tags": ["product", "x_transferred"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-16T19:08:33.459602Z", "id": "CVE-2024-1140", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T19:09:05.288Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fluidattacks.com/advisories/fitzgerald/", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://www.filseclab.com/en-us/products/twister.htm", "tags": ["product", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.606Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1140", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-16T19:08:33.459602Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T19:08:59.517Z"}}], "cna": {"title": "Twister Antivirus v8.17 - Out-of-bounds Read", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Filseclab", "product": "Twister Antivirus", "versions": [{"status": "affected", "version": "8.17"}], "platforms": ["Windows"], "defaultStatus": "unknown"}], "datePublic": "2024-02-06T17:00:00.000Z", "references": [{"url": "https://fluidattacks.com/advisories/fitzgerald/", "tags": ["third-party-advisory"]}, {"url": "http://www.filseclab.com/en-us/products/twister.htm", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.", "supportingMedia": [{"type": "text/html", "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2024-02-13T15:05:22.732Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1140", "state": "PUBLISHED", "dateUpdated": "2024-08-16T19:09:05.288Z", "dateReserved": "2024-01-31T22:23:11.905Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2024-02-13T15:05:22.732Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*", "matchCriteriaId": "C900E994-BE87-4417-808D-42DEBF93920A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver."}, {"lang": "es", "value": "Twister Antivirus v8.17 es afectado por una vulnerabilidad de lectura fuera de los l\u00edmites al activar el c\u00f3digo IOCTL 0x801120B8 del controlador filmfd.sys."}], "id": "CVE-2024-1140", "lastModified": "2024-11-21T08:49:53.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.7, "source": "help@fluidattacks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-13T15:15:08.437", "references": [{"source": "help@fluidattacks.com", "tags": ["Product"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}, {"source": "help@fluidattacks.com", "tags": ["Third Party Advisory"], "url": "https://fluidattacks.com/advisories/fitzgerald/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://fluidattacks.com/advisories/fitzgerald/"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "help@fluidattacks.com", "type": "Secondary"}]}