CVE-2021-43003

Name of the Vulnerable Software and Affected Versions Amzetta zPortal Windows zClient versions <= 3.2.8180.148

Description The issue is related to an Integer Overflow in the Amzetta zPortal Windows zClient. Specifically, the IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packets.

Recommendations For Amzetta zPortal Windows zClient versions <= 3.2.8180.148, consider disabling the IOCTL Handler 0x22001B as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the vulnerable handler to minimize the risk of arbitrary code execution or denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.