CVE-2021-42682 – This integer overflow vulnerability in Accops H... (How to Fix)

Q: What is the severity of CVE-2021-42682?

CVE-2021-42682 has a CVSS score of 8.8 (HIGH). This integer overflow vulnerability in Accops HyWorks DVM Tools allows local attackers to execute arbitrary code with kernel privileges or crash the operating system via specially crafted I/O requests. It affects systems running HyWorks DVM Tools prior to version 3.3.1.105. Attackers need local access to exploit this vulnerability.

📋 TL;DR

This integer overflow vulnerability in Accops HyWorks DVM Tools allows local attackers to execute arbitrary code with kernel privileges or crash the operating system via specially crafted I/O requests. It affects systems running HyWorks DVM Tools prior to version 3.3.1.105. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:

Accops HyWorks DVM Tools

Versions: All versions prior to 3.3.1.105

Operating Systems: Windows (based on IOCTL handler vulnerability)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the USB-over-Ethernet functionality used in cloud services like AWS, Azure, and Google Cloud.

📦 What is this software?

Hyworks Dvm Tools by Accops

View all CVEs affecting Hyworks Dvm Tools →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via kernel-mode arbitrary code execution leading to persistent backdoors, data theft, or ransomware deployment.

🟠

Likely Case

Privilege escalation from standard user to SYSTEM/root privileges, enabling lateral movement and persistence establishment.

🟢

If Mitigated

Limited impact if proper access controls prevent local user access to vulnerable systems.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable over network.

🏢 Internal Only: HIGH - Local attackers or malware with user privileges can exploit to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local access but is relatively straightforward to implement given the public technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.1.105 and later

Vendor Advisory: https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/

Restart Required: Yes

Instructions:

1. Download HyWorks DVM Tools version 3.3.1.105 or later from official vendor sources. 2. Uninstall previous versions. 3. Install the updated version. 4. Restart the system.

🔧 Temporary Workarounds

Restrict local user access

windows

Limit which users can log into systems running vulnerable HyWorks DVM Tools

Disable unnecessary USB-over-Ethernet functionality

windows

Remove or disable HyWorks DVM Tools if not required for business operations

🧯 If You Can't Patch

Implement strict least-privilege access controls to prevent unauthorized local logins
Monitor for suspicious local privilege escalation attempts using endpoint detection tools

🔍 How to Verify

Check if Vulnerable:

Check HyWorks DVM Tools version in Control Panel > Programs and Features or via 'wmic product get name,version' command

Check Version:

wmic product where "name like '%HyWorks%'" get name,version

Verify Fix Applied:

Verify installed version is 3.3.1.105 or higher and check system stability after patch application

📡 Detection & Monitoring

Log Indicators:

Unusual IOCTL 0x22001B calls in system logs
Unexpected driver crashes or system reboots
Privilege escalation events in security logs

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

EventID=4688 AND (NewProcessName LIKE '%cmd.exe%' OR NewProcessName LIKE '%powershell.exe%') AND SubjectUserName!=SYSTEM AND TokenElevationType=%%1938

📊 Metadata

CVE ID: CVE-2021-42682

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-190

Published: December 7, 2021

Last Updated: November 21, 2024

🔗 References

https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/ Exploit,Technical Description,Third Party Advisory
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/ Exploit,Technical Description,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-42682, you might also want to check these: