CVE-2024-1140 - Vulnerability Details - OpenCVE

Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Filseclab	Twister Antivirus

Configuration 1 [-]

cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.filseclab.com/en-us/products/twister.htm
https://fluidattacks.com/advisories/fitzgerald/

History

Mon, 19 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 19 May 2025 16:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H'}`	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2024-02-13T15:05:22.732Z

Updated: 2025-05-19T16:41:25.346Z

Reserved: 2024-01-31T22:23:11.905Z

Link: CVE-2024-1140

Vulnrichment

Updated: 2024-08-01T18:26:30.606Z

NVD

Status : Modified

Published: 2024-02-13T15:15:08.437

Modified: 2025-05-19T17:15:21.857

Link: CVE-2024-1140

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1140", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "state": "PUBLISHED", "assignerShortName": "Fluid Attacks", "dateReserved": "2024-01-31T22:23:11.905Z", "datePublished": "2024-02-13T15:05:22.732Z", "dateUpdated": "2025-05-19T16:41:25.346Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Twister Antivirus", "vendor": "Filseclab", "versions": [{"status": "affected", "version": "8.17"}]}], "datePublic": "2024-02-06T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver."}], "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver."}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2025-05-19T16:41:25.346Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://fluidattacks.com/advisories/fitzgerald/"}, {"tags": ["product"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}], "source": {"discovery": "EXTERNAL"}, "title": "Twister Antivirus v8.17 - Out-of-bounds Read", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.606Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://fluidattacks.com/advisories/fitzgerald/"}, {"tags": ["product", "x_transferred"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-16T19:08:33.459602Z", "id": "CVE-2024-1140", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T19:09:05.288Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fluidattacks.com/advisories/fitzgerald/", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://www.filseclab.com/en-us/products/twister.htm", "tags": ["product", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.606Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1140", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-16T19:08:33.459602Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T19:08:59.517Z"}}], "cna": {"title": "Twister Antivirus v8.17 - Out-of-bounds Read", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Filseclab", "product": "Twister Antivirus", "versions": [{"status": "affected", "version": "8.17"}], "platforms": ["Windows"], "defaultStatus": "unknown"}], "datePublic": "2024-02-06T17:00:00.000Z", "references": [{"url": "https://fluidattacks.com/advisories/fitzgerald/", "tags": ["third-party-advisory"]}, {"url": "http://www.filseclab.com/en-us/products/twister.htm", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.", "supportingMedia": [{"type": "text/html", "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2025-05-19T16:41:25.346Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1140", "state": "PUBLISHED", "dateUpdated": "2025-05-19T16:41:25.346Z", "dateReserved": "2024-01-31T22:23:11.905Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2024-02-13T15:05:22.732Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:filseclab:twister_antivirus:8.17:*:*:*:*:*:*:*", "matchCriteriaId": "C900E994-BE87-4417-808D-42DEBF93920A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver."}, {"lang": "es", "value": "Twister Antivirus v8.17 es afectado por una vulnerabilidad de lectura fuera de los l\u00edmites al activar el c\u00f3digo IOCTL 0x801120B8 del controlador filmfd.sys."}], "id": "CVE-2024-1140", "lastModified": "2025-05-19T17:15:21.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "help@fluidattacks.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2024-02-13T15:15:08.437", "references": [{"source": "help@fluidattacks.com", "tags": ["Product"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}, {"source": "help@fluidattacks.com", "tags": ["Third Party Advisory"], "url": "https://fluidattacks.com/advisories/fitzgerald/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://www.filseclab.com/en-us/products/twister.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://fluidattacks.com/advisories/fitzgerald/"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "help@fluidattacks.com", "type": "Secondary"}]}