CVE-2020-9332 PoC — FabulaTech USB for Remote Desktop 安全漏洞

Source

https://github.com/Sentinel-One/CVE-2020-9332

Associated Vulnerability

Title:FabulaTech USB for Remote Desktop 安全漏洞 (CVE-2020-9332)
Description:ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.

Readme

# CVE-2020-9332
## Description
A vulnerable bus driver in FabulaTech “USB for Remote Desktop” and “USB over Network” allows low privileged users to add a fully controlled software USB device, which could be used by an attacker to elevate privileges under certain common circumstances

------------------------------------------
## [Vulnerability Type]
Incorrect Access Control

------------------------------------------
## [Vendor of Product]
FabulaTech

------------------------------------------
## [Affected Product Code Base]
USB for Remote Desktop

USB over Network

------------------------------------------
## [Attack Type]
Local

------------------------------------------
## [Impact Escalation of Privileges]
true

------------------------------------------
## [CVE Impact Other]
Adding trusted software USB HID device fully controlled by non-privileged users

------------------------------------------
## [Discoverer]
Michael Myngerbayev of SentinelOne

------------------------------------------
## [Reference]
https://www.fabulatech.com

https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/

File Snapshot


 [4.0K]  /data/pocs/535ec4ebb82a0d44b93fa2b8a6f8d580eea425d0
└── [1.1K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!