CVE-2021-43003
Description
Amzetta zPortal Windows zClient is affected by an integer overflow. IOCTL handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via a specially crafted I/O Request Packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in IOCTL handler 0x22001B of Amzetta zPortal Windows zClient ≤v3.2.8180.148 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service.
Vulnerability
An integer overflow vulnerability exists in the Amzetta zPortal Windows zClient, affecting versions up to and including v3.2.8180.148. The flaw is present in the IOCTL handler for code 0x22001B, part of the device driver that handles I/O Request Packets (IRPs) for USB over Ethernet functionality derived from the Eltima SDK [1]. The vulnerability can be triggered when a specially crafted IRP is sent to the driver, causing an integer overflow that leads to memory corruption.
Exploitation
To exploit this vulnerability, an attacker must already have local access to the target Windows system, either through a user account or by having executed code with limited privileges. No additional authentication is required beyond standard local access. The attacker sends a crafted I/O Request Packet to the affected driver via the IOCTL interface, which triggers the integer overflow and subsequently corrupts kernel memory [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code in kernel mode, gaining the highest level of privilege on the system. This can lead to complete compromise of the operating system, including the ability to disable security products, overwrite system components, or perform other malicious operations unimpeded [1]. Alternatively, the same condition can cause a denial of service by corrupting memory and crashing the OS.
Mitigation
The vendor, Amzetta, has released a security update to address this vulnerability. Users of the affected zClient software should upgrade to a patched version as part of the vendor's security updates [1]. The fix may be automatically applied for some deployments, while others may require manual action. No workarounds are available, and users are advised to install the latest version of zClient as soon as possible.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- AmZetta/zPortal Windows zClient
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions
No linked articles in our index yet.