CVE-2024-55413
📋 TL;DR
A vulnerability in SUNIX Parallel Driver x64 (snxppamd.sys) allows low-privileged users to perform arbitrary I/O port read/write operations through specially crafted IOCTL requests. This can lead to privilege escalation, high-privilege code execution, and information disclosure. Affected users are those running the vulnerable driver on Windows systems.
💻 Affected Systems
- SUNIX Parallel Driver x64
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through privilege escalation to SYSTEM, deployment of persistent malware via driver signing bypass, and complete data exfiltration.
Likely Case
Local privilege escalation allowing attackers to gain administrative privileges on compromised systems.
If Mitigated
Limited impact if proper access controls prevent low-privileged users from executing code or if driver is not present.
🎯 Exploit Status
Exploitation requires low-privileged access and knowledge of IOCTL crafting. The driver signing could facilitate more sophisticated attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SUNIX website for updated driver version
Vendor Advisory: https://www.sunix.com/tw/
Restart Required: No
Instructions:
1. Visit the SUNIX website for driver updates.
2. Download and install the latest parallel driver.
3. Verify that the vulnerable driver file (snxppamd.sys) has been replaced with the patched version.
🔧 Temporary Workarounds
Driver Removal
Windows: Remove the vulnerable driver if it is not required for system functionality
sc stop snxppamd
sc delete snxppamd
del C:\Windows\System32\drivers\snxppamd.sys
Access Control Restriction
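Windows: Restrict low-privileged user access to the driver file. This ACL applies to the file on disk only; it does not change the permissions on the device object that an already-loaded driver exposes for IOCTL requests.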
icacls C:\Windows\System32\drivers\snxppamd.sys /deny Users:(R,X)
🧯 If You Can't Patch
- Implement strict least privilege access controls to limit low-privileged user capabilities
- Monitor for suspicious driver loading or IOCTL requests from non-administrative accounts
🔍 How to Verify
Check if Vulnerable:
Check if snxppamd.sys version 10.1.0.0 exists in C:\Windows\System32\drivers\
Check Version:
powershell -Command "(Get-Item C:\Windows\System32\drivers\snxppamd.sys).VersionInfo | Select-Object FileVersion, ProductVersion"
Verify Fix Applied:
Verify driver file version is updated from 10.1.0.0 and check system logs for successful driver loading
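The checks in this section combined into one read-only PowerShell script (an added example, not part of the original advisory or any SUNIX tooling). It assumes the default driver path given above and treats 10.1.0.0, the version this page names, as the flagged version; the function name Get-SnxDriverStatus is hypothetical.

```powershell
# Added example: read-only status check for the driver named in this advisory.
# Assumptions: default driver path; 10.1.0.0 is the version this page flags.
$DriverName     = 'snxppamd'
$DriverPath     = Join-Path $env:SystemRoot "System32\drivers\$DriverName.sys"
$FlaggedVersion = [version]'10.1.0.0'

function Get-SnxDriverStatus {   # hypothetical helper name
    $status = [ordered]@{
        FilePresent    = Test-Path -LiteralPath $DriverPath
        FileVersion    = $null
        MatchesFlagged = $false
        DriverState    = 'NotRegistered'
        InstallEvents  = @()
    }

    if ($status.FilePresent) {
        $vi = (Get-Item -LiteralPath $DriverPath).VersionInfo
        # Use the numeric parts; the FileVersion string may carry extra text.
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                              $vi.FileBuildPart, $vi.FilePrivatePart)
        $status.FileVersion    = $ver.ToString()
        $status.MatchesFlagged = ($ver -eq $FlaggedVersion)
    }

    # Is the kernel driver registered with the Service Control Manager?
    $drv = Get-CimInstance -ClassName Win32_SystemDriver `
               -Filter "Name='$DriverName'" -ErrorAction SilentlyContinue
    if ($drv) { $status.DriverState = $drv.State }

    # Event ID 7045 (service installed) is recorded in the System log.
    # Properties[0] is the service name, Properties[1] the image path.
    $status.InstallEvents = @(
        Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } `
                     -ErrorAction SilentlyContinue |
            Where-Object { $_.Properties[0].Value -eq $DriverName } |
            Select-Object TimeCreated,
                @{ Name = 'ImagePath'; Expression = { $_.Properties[1].Value } }
    )

    [pscustomobject]$status
}

$result = Get-SnxDriverStatus
$result | Format-List
if ($result.MatchesFlagged) {
    Write-Warning "snxppamd.sys is at $FlaggedVersion, the version this advisory flags."
} elseif ($result.FilePresent) {
    Write-Output "snxppamd.sys is present at $($result.FileVersion); confirm its status with the vendor."
}
```

Run it from an elevated prompt if the System log is not readable by the current account; a missing file together with a DriverState of NotRegistered means the driver is not installed.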
📡 Detection & Monitoring
Log Indicators:
- Event ID 7045: Service installation for snxppamd
- Driver load events for snxppamd.sys
- Unusual IOCTL requests to parallel port driver
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
(source="*system*" AND event_id=7045 AND service_name="snxppamd") OR (process_name="snxppamd.sys")