CVE-2024-45182 identifies a vulnerability in the WibuKey64.sys kernel-mode driver component of WIBU-SYSTEMS WibuKey software, a widely used software licensing and protection solution. The issue stems from an improper bounds check (classified under CWE-404: Improper Resource Shutdown or Release) within the driver, which processes specially crafted packets. This flaw allows an attacker with local low-level privileges to perform an arbitrary address read operation. While the vulnerability does not allow for data modification or disclosure, the arbitrary read can cause system instability or crashes, resulting in a denial of service (DoS) condition. The attack vector is local (AV:L), requiring low privileges (PR:L) but no user interaction (UI:N). The scope is unchanged (S:U), and the impact affects availability (A:H) only, with no impact on confidentiality or integrity. The vulnerability was fixed in version 6.70 of the software. No public exploits have been reported, but the medium CVSS score of 5.5 reflects the moderate risk posed by this DoS vulnerability in critical licensing software components that operate at the kernel level.

The primary impact of CVE-2024-45182 is denial of service, which can disrupt the availability of systems running WIBU-SYSTEMS WibuKey licensing software. This can lead to interruptions in software licensing enforcement, potentially causing protected applications to fail or become unusable. Organizations relying on WibuKey for software protection in critical environments—such as industrial control systems, software vendors, and enterprises with licensed software dependencies—may experience operational downtime. Although the vulnerability does not expose sensitive data or allow privilege escalation, the disruption of licensing services can halt business processes and impact productivity. The requirement for local access limits remote exploitation, but insider threats or compromised local accounts could leverage this vulnerability to cause service outages. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or intentional crashes.

To mitigate CVE-2024-45182, organizations should promptly upgrade WIBU-SYSTEMS WibuKey software to version 6.70 or later, where the vulnerability is fixed. In environments where immediate patching is not feasible, restrict local access to systems running the vulnerable driver to trusted personnel only, and monitor for unusual system crashes or instability that could indicate exploitation attempts. Employ endpoint protection solutions capable of detecting anomalous kernel driver behavior. Additionally, implement strict privilege management to minimize the number of users with local low-level access. Conduct regular audits of software versions and driver integrity to ensure compliance with security policies. For critical systems, consider isolating or segmenting machines running WibuKey to limit potential impact. Maintain up-to-date backups and incident response plans to quickly recover from potential denial of service events.