SRC-2017-0025 : Jungo DriverWizard WinDriver Kernel Driver Out-of-Bounds Write Privilege Escalation Vulnerability
CVE ID:
CVE-2017-14133
CVSS Score:
6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Affected Vendors:
Jungo
Affected Products:
DriverWizard WinDriver
Vulnerability Details:
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the processing of IOCTL 0x9538268f by the windrvr1240 kernel driver. The driver fails to properly validate user-supplied data, which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel.
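Decoding the IOCTL code named above shows how much validation the Windows I/O manager leaves to the driver for this request. This is an added example, not code from the advisory or from Jungo; the bit layout is the standard CTL_CODE one, and the flag and function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Field layout of a Windows I/O control code (CTL_CODE macro in the WDK):
 * bits 31-16 DeviceType, 15-14 RequiredAccess, 13-2 Function, 1-0 Method. */
typedef struct {
    uint16_t device_type;
    uint8_t  access;   /* 0 FILE_ANY_ACCESS, 1 READ, 2 WRITE, 3 READ|WRITE */
    uint16_t function;
    uint8_t  method;   /* 0 BUFFERED, 1 IN_DIRECT, 2 OUT_DIRECT, 3 NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

/* Audit flags (names are this example's own, not WDK constants). */
enum { FLAG_ANY_ACCESS = 1, FLAG_RAW_USER_POINTERS = 2 };

/* Flag the properties that put the whole validation burden on the driver. */
int audit_flags(ioctl_fields f) {
    int flags = 0;
    if (f.access == 0) flags |= FLAG_ANY_ACCESS;        /* any open handle may send it */
    if (f.method == 3) flags |= FLAG_RAW_USER_POINTERS; /* METHOD_NEITHER: buffers arrive as
                                                           unprobed user-mode addresses */
    return flags;
}

int main(void) {
    ioctl_fields f = decode_ioctl(0x9538268fu);  /* IOCTL from this advisory */
    int flags = audit_flags(f);
    printf("device=0x%04x access=%u function=0x%03x method=%u\n",
           (unsigned)f.device_type, (unsigned)f.access,
           (unsigned)f.function, (unsigned)f.method);
    if (flags & FLAG_ANY_ACCESS)
        printf("review: no read/write access required on the device handle\n");
    if (flags & FLAG_RAW_USER_POINTERS)
        printf("review: handler must probe and bounds-check every user pointer\n");
    return 0;
}
```

For a code with both flags set, the I/O manager performs no buffering or length checking on the caller's buffers, so the handler's own probing and bounds checks are the only validation the request receives.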
Vendor Response:
Jungo has not issued an update to correct this vulnerability.
Disclosure Timeline:
- 2017-08-22 – Verified and sent to Jungo via sales@/first@/security@/[email protected]
- 2017-08-25 – No response from Jungo and two bounced emails
- 2017-08-26 – Attempted a follow-up with the vendor via website chat
- 2017-08-26 – No response via the website chat
- 2017-09-03 – Received an email from a Jungo representative stating that they are "looking into it"
- 2017-09-03 – Requested a timeframe for patch development and warned of possible 0day release
- 2017-09-06 – No response from Jungo
- 2017-09-06 – Public 0day release of advisory
Proof of Concept:
https://srcincite.io/pocs/src-2017-0025.py.txt
Credit:
This vulnerability was discovered by Steven Seeley (mr_me) of Source Incite