Lucene search

Fluid AttacksCVE-2024-1096

HistoryFeb 13, 2024 - 3:15 p.m.

CVE-2024-1096

2024-02-1315:15:08

CWE-476

Fluid Attacks

web.nvd.nist.gov

twister antivirus

elevation of privileges

cve-2024-1096

nvd

ioctl codes

fildds.sys driver

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver.

Affected configurations

Nvd

Node

filseclabtwister_antivirusMatch8.17

VendorProductVersionCPE
filseclabtwister_antivirus8.17cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
filseclab	twister_antivirus	8.17	cpe:2.3:a:filseclab:twister_antivirus:8.17:::::::*

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Windows"
    ],
    "product": "Twister Antivirus",
    "vendor": "Filseclab",
    "versions": [
      {
        "status": "affected",
        "version": "8.17"
      }
    ]
  }
]

References

www.filseclab.com/en-us/products/twister.htm

fluidattacks.com/advisories/holiday/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-1096