A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Wed, 18 Dec 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Fabulatech
Fabulatech usb Over Network
CPEs cpe:2.3:a:fabulatech:usb_over_network:6.0.6.1:*:*:*:*:*:*:*
Vendors & Products Fabulatech
Fabulatech usb Over Network

Mon, 16 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference
Weaknesses CWE-404
CWE-476
References
Metrics cvssV2_0

{'score': 4.6, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:C'}

cvssV3_0

{'score': 5.5, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-16T16:00:17.535Z

Updated: 2024-12-16T16:25:35.970Z

Reserved: 2024-12-16T08:30:38.195Z

Link: CVE-2024-12654

cve-icon Vulnrichment

Updated: 2024-12-16T16:25:11.002Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-16T16:15:06.810

Modified: 2024-12-18T13:42:22.853

Link: CVE-2024-12654

cve-icon Redhat

No data.