CVE-2024-45181 is a vulnerability identified in the WibuKey64.sys kernel-mode driver component of WIBU-SYSTEMS WibuKey software, which is used for software licensing and protection. The vulnerability stems from an improper bounds check in the driver’s handling of crafted packets, allowing an attacker to write arbitrary data to arbitrary kernel memory addresses. This arbitrary write capability can corrupt kernel memory, potentially leading to privilege escalation, system crashes, or arbitrary code execution with kernel privileges. The flaw affects versions of WibuKey prior to 6.70 and was fixed in version 6.70. Exploitation requires local access with low privileges (PR:L), no user interaction (UI:N), and has low attack complexity (AC:L). The vulnerability impacts confidentiality, integrity, and availability (all rated high), and the scope is changed (S:C), meaning the vulnerability can affect components beyond the initially vulnerable driver. The CVSS 3.1 base score is 8.8, reflecting the critical nature of kernel memory corruption vulnerabilities. No public exploits are known at this time, but the vulnerability’s characteristics make it a prime candidate for exploitation in targeted attacks or malware seeking kernel-level control. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer).

The vulnerability allows an attacker with low-level local access to execute arbitrary writes to kernel memory, which can lead to full system compromise. This includes the ability to escalate privileges from a limited user account to SYSTEM or kernel level, bypass security controls, install persistent malware, or cause denial of service through system crashes. Organizations using WibuKey for software licensing or protection may face risks of intellectual property theft, unauthorized software use, or disruption of critical software services. The kernel-level impact means that successful exploitation can undermine the security of the entire operating system, affecting confidentiality, integrity, and availability of data and services. Given the widespread use of WibuKey in software industries, this vulnerability could be leveraged in targeted attacks against software vendors, developers, or enterprises relying on WibuKey-protected applications.

1. Immediately upgrade WibuKey software to version 6.70 or later, where the vulnerability is patched. 2. Restrict local access to systems running vulnerable versions by enforcing strict access controls and limiting user privileges. 3. Monitor system logs and kernel driver activity for unusual behavior or attempts to interact with WibuKey64.sys in unexpected ways. 4. Employ endpoint detection and response (EDR) solutions capable of detecting kernel-level anomalies or exploitation attempts. 5. Use application whitelisting to prevent unauthorized execution of code that could exploit this vulnerability. 6. Conduct regular security audits and vulnerability scans to identify systems running outdated WibuKey versions. 7. Educate users about the risks of executing untrusted code locally, as local access is required for exploitation. 8. Consider isolating critical systems that use WibuKey from general user environments to reduce attack surface.