PT-2021-23711 · Eltima · Eltima Usb Network Gate
Kasif Dekel
·
Published
2021-12-07
·
Updated
2021-12-08
·
CVE-2021-42988
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Eltima USB Network Gate versions 7.0.1370 through 9.2.2420
Description
The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to a Buffer Overflow in the IOCTL Handler 0x22001B.
Recommendations
For Eltima USB Network Gate versions 7.0.1370 through 9.2.2420, consider disabling the IOCTL Handler 0x22001B as a temporary workaround until a patch is available. Restrict access to the vulnerable IOCTL handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eltima Usb Network Gate