A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Wed, 18 Dec 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Fabulatech
Fabulatech usb Over Network
CPEs cpe:2.3:a:fabulatech:usb_over_network:6.0.6.1:*:*:*:*:*:*:*
Vendors & Products Fabulatech
Fabulatech usb Over Network

Mon, 16 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Dec 2024 15:45:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference
Weaknesses CWE-404
CWE-476
References
Metrics cvssV2_0

{'score': 4.6, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:C'}

cvssV3_0

{'score': 5.5, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-16T15:31:04.867Z

Updated: 2024-12-16T16:24:14.037Z

Reserved: 2024-12-16T08:30:35.221Z

Link: CVE-2024-12653

cve-icon Vulnrichment

Updated: 2024-12-16T16:24:08.805Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-16T16:15:06.593

Modified: 2024-12-18T13:53:28.700

Link: CVE-2024-12653

cve-icon Redhat

No data.