CVE-2021-42686
Description
An integer overflow exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL handler 0x22001B in the Accops HyWorks Windows Client prior to v 3.2.8.200 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Accops HyWorks Windows Client IOCTL handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause denial of service.
Vulnerability
The vulnerability is an integer overflow in the Accops HyWorks Windows Client prior to version 3.2.8.200. Specifically, the IOCTL handler 0x22001B does not properly validate input sizes, leading to an integer overflow when processing specially crafted I/O Request Packets (IRPs). This flaw exists in the driver component that handles USB over Ethernet functionality, which is based on the Eltima SDK [1]. Affected versions are all releases before 3.2.8.200.
Exploitation
Exploitation requires local access to the system. An attacker must be able to send a specially crafted I/O Request Packet to the vulnerable IOCTL handler (0x22001B). No authentication is needed beyond local user privileges. The attacker can trigger the integer overflow by providing a malformed input that causes an incorrect memory allocation or buffer size calculation, leading to memory corruption.
Impact
Successful exploitation allows a local attacker to execute arbitrary code in kernel mode, gaining the highest level of system privileges. This can lead to full compromise of the operating system, including the ability to disable security products, overwrite system components, or cause a denial of service (OS crash). The impact is severe as it enables privilege escalation from a low-privileged user to kernel-level control [1].
Mitigation
Accops has released a fix in version 3.2.8.200 of the HyWorks Windows Client. Users should update to this version or later. The vendor has issued security updates to address this vulnerability [1]. No workarounds are documented; the only mitigation is to apply the patch. There is no evidence of in-the-wild exploitation as of the publication date [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Accops/HyWorks Windows Client
- Range: <3.2.8.200
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.