PT-2020-3022 · Fabulatech · Fabulatech Usb For Remote Desktop

Michael Myngerbayev

Published

2020-06-17

Updated

2021-07-21

CVE-2020-9332

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FabulaTech USB for Remote Desktop versions through 2020-02-19

Description The issue is related to errors in privilege management in the ftusbbus2.sys component. It allows an attacker to escalate privileges using a specially crafted IoCtl code related to a USB HID device.

Recommendations For versions through 2020-02-19, consider disabling the ftusbbus2.sys component until a patch is available to prevent potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2020-03266

CVE-2020-9332

Affected Products

Fabulatech Usb For Remote Desktop

PT-2020-3022 · Fabulatech · Fabulatech Usb For Remote Desktop

CVE-2020-9332

Weakness Enumeration

Related Identifiers

Affected Products

References · 11