CVE-2021-43000

Name of the Vulnerable Software and Affected Versions Amzetta zPortal Windows zClient versions <= 3.2.8180.148

Description The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to a Buffer Overflow in the IOCTL Handler 0x22001B.

Recommendations For Amzetta zPortal Windows zClient versions <= 3.2.8180.148, consider disabling the IOCTL Handler 0x22001B as a temporary workaround until a patch is available. Restrict access to the vulnerable handler to minimize the risk of exploitation. Avoid using specially crafted I/O Request Packets in the affected handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.