Main Vulnerability Database Exploits ID:3460 - Exploit for Permissions, Privileges, and Access Controls in USB for Remote Desktop - CVE-2020-9332

ID:3460 - Exploit for Permissions, Privileges, and Access Controls in USB for Remote Desktop - CVE-2020-9332

Published: July 15, 2020

Vulnerability identifier: #VU29126

Vulnerability risk: High

CVE-ID: CVE-2020-9332

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
USB for Remote Desktop

Link to public exploit:

https://github.com/Sentinel-One/CVE-2020-9332

Vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in "ftusbbus2.sys". A remote attacker can use a specially crafted IoCtl code related to a USB HID device and gain elevated privileges on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:3460 - Exploit for Permissions, Privileges, and Access Controls in USB for Remote Desktop - CVE-2020-9332

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human