CVE-2024-34329

8.4 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges on systems running vulnerable versions of the Entrust Datacard XPS Card Printer Driver. It affects versions 8.5 and earlier without the dxp1-patch-E24-004 patch. Attackers can exploit insecure permissions to load a crafted DLL payload.

💻 Affected Systems

Products:
  • Entrust Datacard XPS Card Printer Driver
Versions: 8.5 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Systems without the dxp1-patch-E24-004 patch are vulnerable. The driver is typically installed on systems using Entrust Datacard printers.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with SYSTEM privileges, allowing attackers to install malware, steal credentials, pivot to other systems, or disrupt operations.

🟠 Likely Case: Local privilege escalation leading to persistence mechanisms, credential harvesting, or lateral movement within the network.

🟢 If Mitigated: Limited impact with proper network segmentation and least privilege principles, though local exploitation risk remains.

🌐 Internet-Facing: LOW - This appears to be a local privilege escalation vulnerability requiring local access or network access to the printer driver service.
🏢 Internal Only: HIGH - Any internal attacker or compromised system with network access to vulnerable systems can exploit this for full SYSTEM control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code exists on GitHub. The vulnerability allows unauthenticated attackers to execute code via DLL hijacking/loading.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: dxp1-patch-E24-004 or later versions

Vendor Advisory: https://www.entrust.com/sites/default/files/documentation/productsupport/entrust-security-bulletin-e24-004.pdf

Restart Required: Yes

Instructions:

  1. Download the patch from Entrust Datacard support portal.
  2. Apply the dxp1-patch-E24-004 patch.
  3. Restart the system.
  4. Verify the patch is applied correctly.

🔧 Temporary Workarounds

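Restrict DLL loading permissions (Windows)

Modify permissions on the vulnerable driver directories to prevent unauthorized DLL loading. Note that a Full-control deny for Everyone also denies read and execute to every account, SYSTEM and administrators included, so the driver's own files become unreadable until the ACE is removed.

icacls "C:\Program Files\Entrust Datacard\XPS Card Printer Driver" /deny Everyone:(OI)(CI)F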

Network segmentation (all platforms)

Isolate systems with the vulnerable driver from general network access

🧯 If You Can't Patch

  • Remove or disable the Entrust Datacard XPS Card Printer Driver if not essential
  • Implement strict network access controls to limit which systems can communicate with vulnerable hosts

🔍 How to Verify

Check if Vulnerable:

Check if Entrust Datacard XPS Card Printer Driver version 8.5 or earlier is installed without the dxp1-patch-E24-004 patch

Check Version:

Check Add/Remove Programs or registry at HKEY_LOCAL_MACHINE\SOFTWARE\Entrust Datacard\XPS Card Printer Driver

Verify Fix Applied:

Verify the dxp1-patch-E24-004 patch is applied or the driver version is updated beyond 8.5
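
The checks above, together with an audit for the insecure-permission condition named in the TL;DR, can be scripted. The PowerShell below is an added example, not Entrust's or this site's script; it assumes the install directory quoted in the workaround and the registry key quoted under Check Version, and its trusted-SID list is an assumption to adjust per environment.

```powershell
# Added example (not vendor code): read-only audit for writable driver paths.
# Both defaults are the paths quoted on this page; override if installed elsewhere.
param(
    [string]$DriverDir = 'C:\Program Files\Entrust Datacard\XPS Card Printer Driver',
    [string]$RegKey    = 'HKLM:\SOFTWARE\Entrust Datacard\XPS Card Printer Driver'
)

# Rights that let a principal create or replace a DLL, plus the raw
# GENERIC_ALL / GENERIC_WRITE bits that some ACEs carry unmapped.
$rights    = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

# Assumption: well-known SIDs expected to hold write access under Program Files.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (applies only to objects the holder created)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-WeakAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        # Deny ACEs are skipped; only Allow entries can grant write access.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path = $Path; Sid = $ace.IdentityReference.Value
            Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
        }
    }
}

# Installed-version evidence: dump the key as-is (value names are not given on this page).
if (Test-Path -LiteralPath $RegKey) {
    Get-ItemProperty -LiteralPath $RegKey | Format-List | Out-String
} else { "Registry key not found: $RegKey" }

if (-not (Test-Path -LiteralPath $DriverDir)) { "Directory not found: $DriverDir"; return }

# Audit the directory, its subdirectories, and every DLL/EXE beneath it.
$targets = @($DriverDir) + @(Get-ChildItem -LiteralPath $DriverDir -Recurse -Force |
    Where-Object { $_.PSIsContainer -or $_.Extension -in '.dll', '.exe' } |
    ForEach-Object { $_.FullName })
$findings = @($targets | ForEach-Object { Get-WeakAce -Path $_ })
if ($findings.Count) { $findings | Format-Table -AutoSize | Out-String } else {
    'No write-capable Allow ACEs for untrusted principals found.' }
```

Any row it reports is an Allow entry that lets a principal outside the trusted list write to a location the driver loads from; it changes nothing on disk.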

📡 Detection & Monitoring

Log Indicators:

  • Unexpected DLL loading events in Windows Event Logs (Security/System)
  • Process creation events for suspicious executables from printer driver context

Network Indicators:

  • Unusual network connections originating from systems with the printer driver

SIEM Query:

EventID=4688 AND (NewProcessName contains "cmd.exe" OR NewProcessName contains "powershell.exe") AND ParentProcessName contains "XPS"
