CVE-2023-44976
3.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Summary
Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hangzhou Shunwang | Rentdrv2 | 1aed62a63b4802e599bbd33162319129501d603cceeb5e1eb22fd4733b3018a3 | affected |
| Hangzhou Shunwang | Rentdrv2 | 9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5 | affected |
Weaknesses
- CWE-782: CWE-782 Exposed IOCTL with Insufficient Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/keowu/BadRentdrv2
- https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.