CVE-2020-9332

HIGH

FabulaTech USB for Remote Desktop < 2020-02-19 - Privilege Escalation via IoCtl Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9332. PoCs published by Sentinel-One.

AI-analyzed exploit summary This repository provides a detailed technical description of CVE-2020-9332, an incorrect access control vulnerability in FabulaTech's USB for Remote Desktop and USB over Network products. The vulnerability allows low-privileged users to add a fully controlled software USB device, potentially leading to privilege escalation.

Description

ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.

Exploits (1)

nomisec WRITEUP 3 stars
by Sentinel-One · poc
https://github.com/Sentinel-One/CVE-2020-9332

This repository provides a detailed technical description of CVE-2020-9332, an incorrect access control vulnerability in FabulaTech's USB for Remote Desktop and USB over Network products. The vulnerability allows low-privileged users to add a fully controlled software USB device, potentially leading to privilege escalation.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: FabulaTech USB for Remote Desktop, FabulaTech USB over Network
No auth needed
Prerequisites: Local access to the system · Presence of vulnerable FabulaTech software
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.fabulatech.com
Exploit, Third Party Advisory x_refsource_misc
https://labs.sentinelone.com/click-from-the-backyard-cve-2020-9332/

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 17.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
fabulatech/usb_for_remote_desktop < 2020-02-19
Published Jun 17, 2020
Tracked Since Feb 18, 2026