Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for USB over Network by FabulaTech
CVE-2024-12656 (GCVE-0-2024-12656)
Vulnerability from cvelistv5 – Published: 2024-12-16 17:00 – Updated: 2024-12-16 17:24
VLAI
Title
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference
Summary
A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.288525 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288525 | signaturepermissions-required |
| https://vuldb.com/?submit.456030 | third-party-advisory |
| https://shareforall.notion.site/FabulaTech-USB-ov… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FabulaTech | USB over Network |
Affected:
6.0.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12656",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T17:24:11.199737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T17:24:26.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IOCT Handler"
],
"product": "USB over Network",
"vendor": "FabulaTech",
"versions": [
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TopGun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in FabulaTech USB over Network 6.0.6.1 gefunden. Es betrifft die Funktion 0x220448 in der Bibliothek ftusbbus2.sys der Komponente IOCT Handler. Mittels Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T17:00:15.985Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288525 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288525"
},
{
"name": "VDB-288525 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288525"
},
{
"name": "Submit #456030 | FabulaTech USB over Network Client 6.0.6.1 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456030"
},
{
"tags": [
"exploit"
],
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220448-NPD-DOS-15160437bb1e80cb837cd715680be6ea"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:35:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12656",
"datePublished": "2024-12-16T17:00:15.985Z",
"dateReserved": "2024-12-16T08:30:43.339Z",
"dateUpdated": "2024-12-16T17:24:26.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12655 (GCVE-0-2024-12655)
Vulnerability from cvelistv5 – Published: 2024-12-16 16:31 – Updated: 2024-12-16 16:51
VLAI
Title
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference
Summary
A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.288524 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288524 | signaturepermissions-required |
| https://vuldb.com/?submit.456029 | third-party-advisory |
| https://shareforall.notion.site/FabulaTech-USB-ov… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FabulaTech | USB over Network |
Affected:
6.0.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12655",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:51:17.645751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:51:34.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IOCT Handler"
],
"product": "USB over Network",
"vendor": "FabulaTech",
"versions": [
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TopGun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in FabulaTech USB over Network 6.0.6.1 entdeckt. Hierbei geht es um die Funktion 0x220420 in der Bibliothek ftusbbus2.sys der Komponente IOCT Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:31:05.616Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288524 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288524"
},
{
"name": "VDB-288524 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288524"
},
{
"name": "Submit #456029 | FabulaTech USB over Network Client 6.0.6.1 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456029"
},
{
"tags": [
"exploit"
],
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220420-NPD-DOS-15160437bb1e80898c8bf2dc1f7a24e7"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:35:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12655",
"datePublished": "2024-12-16T16:31:05.616Z",
"dateReserved": "2024-12-16T08:30:40.650Z",
"dateUpdated": "2024-12-16T16:51:34.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12654 (GCVE-0-2024-12654)
Vulnerability from cvelistv5 – Published: 2024-12-16 16:00 – Updated: 2024-12-16 16:25
VLAI
Title
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference
Summary
A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.288523 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288523 | signaturepermissions-required |
| https://vuldb.com/?submit.456028 | third-party-advisory |
| https://shareforall.notion.site/FabulaTech-USB-ov… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FabulaTech | USB over Network |
Affected:
6.0.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12654",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:24:27.503004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:25:35.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IOCT Handler"
],
"product": "USB over Network",
"vendor": "FabulaTech",
"versions": [
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TopGun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In FabulaTech USB over Network 6.0.6.1 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion 0x220408 in der Bibliothek ftusbbus2.sys der Komponente IOCT Handler. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:00:17.535Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288523 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288523"
},
{
"name": "VDB-288523 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288523"
},
{
"name": "Submit #456028 | FabulaTech USB over Network Client 6.0.6.1 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456028"
},
{
"tags": [
"exploit"
],
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220408-NPD-DOS-15160437bb1e803e9b3df784e61c6dcd"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:35:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12654",
"datePublished": "2024-12-16T16:00:17.535Z",
"dateReserved": "2024-12-16T08:30:38.195Z",
"dateUpdated": "2024-12-16T16:25:35.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12653 (GCVE-0-2024-12653)
Vulnerability from cvelistv5 – Published: 2024-12-16 15:31 – Updated: 2024-12-16 16:24
VLAI
Title
FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference
Summary
A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.288522 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288522 | signaturepermissions-required |
| https://vuldb.com/?submit.456026 | third-party-advisory |
| https://shareforall.notion.site/FabulaTech-USB-ov… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FabulaTech | USB over Network |
Affected:
6.0.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12653",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:23:42.463788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:24:14.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IOCT Handler"
],
"product": "USB over Network",
"vendor": "FabulaTech",
"versions": [
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TopGun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in FabulaTech USB over Network 6.0.6.1 entdeckt. Es geht dabei um die Funktion 0x22040C in der Bibliothek ftusbbus2.sys der Komponente IOCT Handler. Durch die Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T15:31:04.867Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288522 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288522"
},
{
"name": "VDB-288522 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288522"
},
{
"name": "Submit #456026 | FabulaTech USB over Network Client 6.0.6.1 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456026"
},
{
"tags": [
"exploit"
],
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x22040C-NPD-DOS-15160437bb1e80228995f9a74a5c233c?pvs=4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:35:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12653",
"datePublished": "2024-12-16T15:31:04.867Z",
"dateReserved": "2024-12-16T08:30:35.221Z",
"dateUpdated": "2024-12-16T16:24:14.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12656 (GCVE-0-2024-12656)
Vulnerability from nvd – Published: 2024-12-16 17:00 – Updated: 2024-12-16 17:24
VLAI
Title
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference
Summary
A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.288525 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288525 | signaturepermissions-required |
| https://vuldb.com/?submit.456030 | third-party-advisory |
| https://shareforall.notion.site/FabulaTech-USB-ov… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FabulaTech | USB over Network |
Affected:
6.0.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12656",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T17:24:11.199737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T17:24:26.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IOCT Handler"
],
"product": "USB over Network",
"vendor": "FabulaTech",
"versions": [
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TopGun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in FabulaTech USB over Network 6.0.6.1 gefunden. Es betrifft die Funktion 0x220448 in der Bibliothek ftusbbus2.sys der Komponente IOCT Handler. Mittels Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T17:00:15.985Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288525 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288525"
},
{
"name": "VDB-288525 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288525"
},
{
"name": "Submit #456030 | FabulaTech USB over Network Client 6.0.6.1 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456030"
},
{
"tags": [
"exploit"
],
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220448-NPD-DOS-15160437bb1e80cb837cd715680be6ea"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:35:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "FabulaTech USB over Network IOCT ftusbbus2.sys 0x220448 null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12656",
"datePublished": "2024-12-16T17:00:15.985Z",
"dateReserved": "2024-12-16T08:30:43.339Z",
"dateUpdated": "2024-12-16T17:24:26.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12655 (GCVE-0-2024-12655)
Vulnerability from nvd – Published: 2024-12-16 16:31 – Updated: 2024-12-16 16:51
VLAI
Title
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference
Summary
A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.288524 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288524 | signaturepermissions-required |
| https://vuldb.com/?submit.456029 | third-party-advisory |
| https://shareforall.notion.site/FabulaTech-USB-ov… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FabulaTech | USB over Network |
Affected:
6.0.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12655",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:51:17.645751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:51:34.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IOCT Handler"
],
"product": "USB over Network",
"vendor": "FabulaTech",
"versions": [
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TopGun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in FabulaTech USB over Network 6.0.6.1 entdeckt. Hierbei geht es um die Funktion 0x220420 in der Bibliothek ftusbbus2.sys der Komponente IOCT Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:31:05.616Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288524 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288524"
},
{
"name": "VDB-288524 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288524"
},
{
"name": "Submit #456029 | FabulaTech USB over Network Client 6.0.6.1 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456029"
},
{
"tags": [
"exploit"
],
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220420-NPD-DOS-15160437bb1e80898c8bf2dc1f7a24e7"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:35:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12655",
"datePublished": "2024-12-16T16:31:05.616Z",
"dateReserved": "2024-12-16T08:30:40.650Z",
"dateUpdated": "2024-12-16T16:51:34.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12654 (GCVE-0-2024-12654)
Vulnerability from nvd – Published: 2024-12-16 16:00 – Updated: 2024-12-16 16:25
VLAI
Title
FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference
Summary
A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.288523 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288523 | signaturepermissions-required |
| https://vuldb.com/?submit.456028 | third-party-advisory |
| https://shareforall.notion.site/FabulaTech-USB-ov… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FabulaTech | USB over Network |
Affected:
6.0.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12654",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:24:27.503004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:25:35.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IOCT Handler"
],
"product": "USB over Network",
"vendor": "FabulaTech",
"versions": [
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TopGun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In FabulaTech USB over Network 6.0.6.1 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion 0x220408 in der Bibliothek ftusbbus2.sys der Komponente IOCT Handler. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:00:17.535Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288523 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288523"
},
{
"name": "VDB-288523 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288523"
},
{
"name": "Submit #456028 | FabulaTech USB over Network Client 6.0.6.1 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456028"
},
{
"tags": [
"exploit"
],
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x220408-NPD-DOS-15160437bb1e803e9b3df784e61c6dcd"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:35:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12654",
"datePublished": "2024-12-16T16:00:17.535Z",
"dateReserved": "2024-12-16T08:30:38.195Z",
"dateUpdated": "2024-12-16T16:25:35.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12653 (GCVE-0-2024-12653)
Vulnerability from nvd – Published: 2024-12-16 15:31 – Updated: 2024-12-16 16:24
VLAI
Title
FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference
Summary
A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.5 (Medium)
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.288522 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.288522 | signaturepermissions-required |
| https://vuldb.com/?submit.456026 | third-party-advisory |
| https://shareforall.notion.site/FabulaTech-USB-ov… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FabulaTech | USB over Network |
Affected:
6.0.6.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12653",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:23:42.463788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:24:14.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"IOCT Handler"
],
"product": "USB over Network",
"vendor": "FabulaTech",
"versions": [
{
"status": "affected",
"version": "6.0.6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TopGun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in FabulaTech USB over Network 6.0.6.1 entdeckt. Es geht dabei um die Funktion 0x22040C in der Bibliothek ftusbbus2.sys der Komponente IOCT Handler. Durch die Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T15:31:04.867Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-288522 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.288522"
},
{
"name": "VDB-288522 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.288522"
},
{
"name": "Submit #456026 | FabulaTech USB over Network Client 6.0.6.1 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.456026"
},
{
"tags": [
"exploit"
],
"url": "https://shareforall.notion.site/FabulaTech-USB-over-Network-Client-ftusbbus2-0x22040C-NPD-DOS-15160437bb1e80228995f9a74a5c233c?pvs=4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-16T09:35:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12653",
"datePublished": "2024-12-16T15:31:04.867Z",
"dateReserved": "2024-12-16T08:30:35.221Z",
"dateUpdated": "2024-12-16T16:24:14.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}