CVE-2020-9453
Last modified
CVE-2020-9453 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Epson | Iprojection | <= 2.30 |
References
- https://epson.comProduct
- https://epson.com/Support/wa00936Patch, Vendor Advisory
- https://github.com/FULLSHADE/Kernel-exploitsPatch, Third Party Advisory
- https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_MPAU.sysPatch, Third Party Advisory
- https://epson.comProduct
- https://epson.com/Support/wa00936Patch, Vendor Advisory
- https://github.com/FULLSHADE/Kernel-exploitsPatch, Third Party Advisory
- https://github.com/FULLSHADE/Kernel-exploits/tree/master/EMP_MPAU.sysPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-9453?
How severe is CVE-2020-9453?
How do I fix CVE-2020-9453?
Are you affected by CVE-2020-9453?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST