CVE-2020-9332 PoC — FabulaTech USB for Remote Desktop 安全漏洞

Source

Associated Vulnerability

Readme

# CVE-2020-9332
## Description
A vulnerable bus driver in FabulaTech “USB for Remote Desktop” and “USB over Network” allows low privileged users to add a fully controlled software USB device, which could be used by an attacker to elevate privileges under certain common circumstances

------------------------------------------
## [Vulnerability Type]
Incorrect Access Control

------------------------------------------
## [Vendor of Product]
FabulaTech

------------------------------------------
## [Affected Product Code Base]
USB for Remote Desktop

USB over Network

------------------------------------------
## [Attack Type]
Local

------------------------------------------
## [Impact Escalation of Privileges]
true

------------------------------------------
## [CVE Impact Other]
Adding trusted software USB HID device fully controlled by non-privileged users

------------------------------------------
## [Discoverer]
Michael Myngerbayev of SentinelOne

------------------------------------------
## [Reference]
https://www.fabulatech.com

https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/

File Snapshot

 [4.0K]  /data/pocs/535ec4ebb82a0d44b93fa2b8a6f8d580eea425d0
└── [1.1K]  README.md

0 directories, 1 file

Remarks