CVE-2024-55412
📋 TL;DR
A vulnerability in SUNIX Serial Driver x64 (snxpsamd.sys) allows low-privileged users to perform arbitrary I/O port read/write operations through crafted IOCTL requests. This can lead to privilege escalation, high-privilege code execution, and information disclosure. Affected users are those running the vulnerable driver version on Windows systems.
💻 Affected Systems
- SUNIX Serial Driver x64
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via privilege escalation to SYSTEM, deployment of persistent malware, and complete data exfiltration.
Likely Case
Local privilege escalation allowing attackers to gain administrative rights on compromised systems.
If Mitigated
Limited impact with proper access controls, driver blocklisting, and monitoring in place.
🎯 Exploit Status
Requires low-privileged access and knowledge of driver IOCTL interface. No public exploit code available at time of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SUNIX website for updated version
Vendor Advisory: https://www.sunix.com/tw/
Restart Required: No
Instructions:
1. Visit the SUNIX website for driver updates.
2. Download the latest driver version.
3. Uninstall the current driver.
4. Install the updated driver.
5. Verify the driver version.
🔧 Temporary Workarounds
Driver Blocklisting
Windows: Block loading of the vulnerable driver using Windows Driver Block Rules
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Driver Security\Driver Block Rules" /v "{GUID}" /t REG_SZ /d "snxpsamd.sys" /f
Remove Vulnerable Driver
Windows: Uninstall the vulnerable driver if it is not required. Note that pnputil /delete-driver takes the published name of the driver package (oemNN.inf, as listed by pnputil /enum-drivers), so substitute that name for snxpsamd.inf below.
pnputil /delete-driver snxpsamd.inf /uninstall
sc delete snxpsamd
🧯 If You Can't Patch
- Implement strict least privilege access controls to limit low-privileged user access
- Monitor for suspicious driver loading events and IOCTL requests
🔍 How to Verify
Check if Vulnerable:
Check driver version: Open Device Manager > Serial ports > SUNIX Serial Driver Properties > Driver tab
Check Version:
driverquery /v | findstr /i snxpsamd
Verify Fix Applied:
Verify that the driver version has been updated from 10.1.0.0, and check the Windows Event Log for driver loading events.
📡 Detection & Monitoring
Log Indicators:
- Event ID 7045: Service installation for snxpsamd
- Event ID 6 (Sysmon, Microsoft-Windows-Sysmon/Operational): Driver loaded (snxpsamd.sys)
- Unusual IOCTL requests to \Device\snxpsamd
Network Indicators:
- No network indicators - local vulnerability only
SIEM Query:
source="*" (EventCode=7045 AND ServiceName="snxpsamd") OR (EventCode=6 AND ImageLoaded="*snxpsamd.sys")
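A host-side script that covers both the version check from the "How to Verify" section and the log indicators listed here, added as an example and not taken from the advisory or from SUNIX. It assumes the kernel service is registered as snxpsamd with its binary under System32\drivers, that 10.1.0.0 is the affected version the advisory names, and that Sysmon is deployed for the Event ID 6 check.

```powershell
# Added example: check a host for the vulnerable snxpsamd.sys driver and
# hunt for the install/load indicators from this advisory. Run elevated.
# Assumptions (not from the advisory): service name 'snxpsamd', binary under
# System32\drivers, 10.1.0.0 as the affected version, Sysmon present for ID 6.

$ServiceName = 'snxpsamd'
$DriverPath  = Join-Path $env:SystemRoot 'System32\drivers\snxpsamd.sys'
$KnownBad    = [version]'10.1.0.0'
$Since       = (Get-Date).AddDays(-30)

# 1. Is the kernel driver service registered, and is it loaded right now?
$svc = Get-CimInstance Win32_SystemDriver -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
if ($svc) {
    "[+] Service $ServiceName present: State=$($svc.State) StartMode=$($svc.StartMode) Path=$($svc.PathName)"
} else {
    "[-] Service $ServiceName is not registered on this host."
}

# 2. Compare the on-disk file version with the version the advisory names.
if (Test-Path $DriverPath) {
    $vi = (Get-Item $DriverPath).VersionInfo
    # Build the version from the numeric parts; the FileVersion string can carry extra text.
    $fileVer = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    if ($fileVer -le $KnownBad) {
        "[!] snxpsamd.sys $fileVer is at or below $KnownBad - treat as vulnerable."
    } else {
        "[+] snxpsamd.sys $fileVer is newer than $KnownBad - confirm fixed status with the vendor."
    }
} else {
    "[-] $DriverPath not found."
}

# 3. Event ID 7045 (System log): a service or kernel driver was installed.
Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045; StartTime=$Since} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $ServiceName } |
    ForEach-Object { "[*] 7045 $($_.TimeCreated): $(($_.Message -split "`n")[0])" }

# 4. Sysmon Event ID 6: kernel driver loaded (ImageLoaded carries the path).
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=6; StartTime=$Since} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'snxpsamd\.sys' } |
    ForEach-Object { "[*] Sysmon 6 $($_.TimeCreated): snxpsamd.sys loaded" }
```

If Sysmon is not installed, the Event ID 6 query is silently skipped; the 7045 check still works from the built-in System log.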