CVE-2024-12654

5.5 MEDIUM

📋 TL;DR

This vulnerability in FabulaTech USB over Network allows local attackers to trigger a null pointer dereference in the ftusbbus2.sys driver via a specific IOCTL handler, potentially causing denial of service. It affects users of USB over Network Client software version 6.0.6.1. Exploitation requires local access to the system.

💻 Affected Systems

Products:
  • FabulaTech USB over Network Client
Versions: 6.0.6.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with USB over Network Client installed. The vulnerable driver ftusbbus2.sys is part of this software.

⚠️ Risk & Real-World Impact

🔴 Worst Case: System crash or blue screen (BSOD) leading to denial of service and potential data loss from unsaved work.

🟠 Likely Case: Application crash or system instability requiring reboot, disrupting USB over Network functionality.

🟢 If Mitigated: Minimal impact if proper access controls prevent unauthorized local execution.

🌐 Internet-Facing: LOW - Exploitation requires local access and cannot be triggered remotely.
🏢 Internal Only: MEDIUM - Local attackers or malware could exploit this to cause denial of service on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local execution privileges. Public disclosure includes technical details that could facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider upgrading to newer versions if available or using workarounds.

🔧 Temporary Workarounds

Restrict driver access (Windows)

Modify permissions on ftusbbus2.sys to prevent unauthorized access:

  icacls "C:\Windows\System32\drivers\ftusbbus2.sys" /deny Everyone:(R,W,X)

Uninstall vulnerable software (Windows)

Remove FabulaTech USB over Network Client if not required:

  Control Panel > Programs > Uninstall a program > Select 'USB over Network Client' > Uninstall

🧯 If You Can't Patch

  • Implement strict local access controls to prevent unauthorized users from executing code on affected systems.
  • Monitor for crash dumps or system instability events related to ftusbbus2.sys driver.

🔍 How to Verify

Check if Vulnerable:

Check whether ftusbbus2.sys version 6.0.6.1 is present in the system drivers directory.

Check Version:

PowerShell:

  Get-Item "C:\Windows\System32\drivers\ftusbbus2.sys" | Select-Object VersionInfo

Verify Fix Applied:

Verify ftusbbus2.sys driver has been removed or permissions have been restricted.
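The checks above can be run as one script. The following is an added example written for this page, not code from the advisory or from FabulaTech; it assumes the driver path and the 6.0.6.1 version string the advisory gives, and the function name Test-FtUsbBus2Exposure is invented here. It reports the file version numerically, whether the icacls workaround's Deny entry for Everyone is present, and whether the driver is currently loaded. The last point matters because a Deny entry on the image file only takes effect the next time the kernel tries to load the driver; it does nothing for an instance already in memory.

```powershell
# Added example, not part of the advisory: audit a host for the vulnerable
# FabulaTech driver and for the advisory's icacls workaround.
# Assumptions: the driver path is the one the advisory names, and the
# known-vulnerable version is the advisory's 6.0.6.1.
$DriverPath        = 'C:\Windows\System32\drivers\ftusbbus2.sys'
$VulnerableVersion = [version]'6.0.6.1'

function Test-FtUsbBus2Exposure {
    [CmdletBinding()]
    param(
        [string]  $Path       = $DriverPath,
        [version] $Vulnerable = $VulnerableVersion
    )

    $r = [ordered]@{
        DriverFilePresent = $false
        FileVersion       = $null
        KnownVulnerable   = $false   # file version equals the advisory's 6.0.6.1
        DriverLoaded      = $false   # image is resident in the kernel right now
        EveryoneDenyAce   = $false   # the advisory's icacls /deny Everyone entry is present
    }

    if (Test-Path -LiteralPath $Path) {
        $r.DriverFilePresent = $true

        # Build a [version] from the four numeric parts so the comparison is numeric;
        # comparing the FileVersion string would mis-order e.g. 6.0.10.1 vs 6.0.6.1.
        $vi = (Get-Item -LiteralPath $Path).VersionInfo
        $r.FileVersion     = $vi.FileVersion
        $fileVer           = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                                             $vi.FileBuildPart, $vi.FilePrivatePart)
        $r.KnownVulnerable = ($fileVer -eq $Vulnerable)

        # Look for a Deny ACE for the Everyone group (well-known SID S-1-1-0) so the
        # check works regardless of the account name's display language.
        $acl = Get-Acl -LiteralPath $Path
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Deny) { continue }
            try {
                $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }
            if ($sid -eq 'S-1-1-0') { $r.EveryoneDenyAce = $true; break }
        }
    }

    # The file ACL only matters at the next load; report whether the driver is
    # already resident. Win32_SystemDriver.PathName holds the image path.
    $loaded = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
              Where-Object { $_.PathName -like '*ftusbbus2.sys' -and $_.State -eq 'Running' }
    $r.DriverLoaded = [bool]$loaded

    [pscustomobject]$r
}

# Usage: run from an elevated prompt so Get-Acl and the CIM query return complete data.
Test-FtUsbBus2Exposure | Format-List
```

A host is mitigated when DriverFilePresent is false (uninstalled), or when EveryoneDenyAce is true and DriverLoaded is false (the workaround is in place and the machine has been rebooted since). EveryoneDenyAce true with DriverLoaded still true means the ACL change has not yet taken effect.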

📡 Detection & Monitoring

Log Indicators:

  • System crash logs (Event ID 1001) referencing ftusbbus2.sys
  • Application error logs showing access violations in USB over Network processes

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

EventID=1001 AND Source="Windows Error Reporting" AND Description="*ftusbbus2.sys*"
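For hosts that do not forward logs to a SIEM, the same evidence can be collected locally. The following is an added example written for this page, not code from the advisory; the function name Get-FtUsbBus2CrashEvidence is invented here, and it assumes default Windows logging (Event ID 1001 in the System log after a bugcheck reboot, Windows Error Reporting's Event ID 1001 in the Application log, and minidumps under C:\Windows\Minidump). It keeps only 1001 events whose text names the driver and lists recent dump files as the secondary indicator the advisory mentions.

```powershell
# Added example, not part of the advisory: gather the local crash evidence the
# advisory's SIEM query looks for.
# Assumptions: default Windows logging locations; the driver name is the
# advisory's ftusbbus2.sys.
function Get-FtUsbBus2CrashEvidence {
    [CmdletBinding()]
    param(
        [int]    $Days       = 30,
        [string] $DriverName = 'ftusbbus2.sys',
        [string] $DumpDir    = 'C:\Windows\Minidump'
    )
    $since = (Get-Date).AddDays(-$Days)

    # Event ID 1001 is used both by the bugcheck reboot record (System log) and
    # by Windows Error Reporting (Application log). Filter by log and ID first,
    # then keep only records whose text names the driver. -ErrorAction handles
    # the "No events were found" error Get-WinEvent raises on an empty result.
    $events = foreach ($log in 'System', 'Application') {
        Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1001; StartTime = $since } -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -like "*$DriverName*" } |
            ForEach-Object {
                $text = ($_.Message -replace '\s+', ' ')
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    LogName     = $_.LogName
                    Provider    = $_.ProviderName
                    Id          = $_.Id
                    Excerpt     = $text.Substring(0, [Math]::Min(200, $text.Length))
                }
            }
    }

    # A bugcheck's event text does not always name the faulting module, so a
    # fresh minidump is the other indicator worth surfacing. Attributing a dump
    # to this driver still needs a debugger; that step is not done here.
    $dumps = Get-ChildItem -LiteralPath $DumpDir -Filter '*.dmp' -ErrorAction SilentlyContinue |
             Where-Object { $_.LastWriteTime -ge $since } |
             Select-Object FullName, LastWriteTime, Length

    [pscustomobject]@{
        Since          = $since
        MatchingEvents = @($events)
        RecentDumps    = @($dumps)
    }
}

# Usage: last seven days of evidence on this host.
Get-FtUsbBus2CrashEvidence -Days 7 | Format-List
```

A non-empty MatchingEvents list is a strong signal; an empty one is not proof of absence, since the driver name only appears in the event text when the crash report happens to include it, which is why RecentDumps is reported alongside.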
