CVE-2021-42687

Vulnerability

A buffer overflow vulnerability exists in the IOCTL handler 0x22005B of the Accops HyWorks Windows Client driver prior to version 3.2.8.200 [1]. The driver is part of the Eltima SDK used for USB over Ethernet functionality. The vulnerability allows local attackers to trigger memory corruption by sending a specially crafted I/O Request Packet (IRP) to the handler.

Exploitation

Exploitation requires local access to the system. An attacker with user-level privileges can send a malicious IRP to the vulnerable IOCTL handler 0x22005B, causing a buffer overflow in kernel memory. No additional authentication or user interaction is needed beyond the ability to execute code or send IOCTL calls.

Impact

Successful exploitation results in arbitrary code execution in kernel mode, granting the attacker full control over the system. This can be leveraged to disable security products, overwrite system components, or cause a denial of service through memory corruption and OS crash. The attacker escalates from user privileges to the highest kernel-level privileges.

Mitigation

Accops released a fixed version 3.2.8.200 of the HyWorks Windows Client to address this vulnerability [1]. Users should upgrade to this version or later. The fix is part of a broader security update to the underlying Eltima SDK. Affected users of cloud services relying on this component may receive the update automatically.