SUNIX Multi I/O Card Arbitrary I/O Port Access Vulnerability
Vulnerability
A vulnerability in the snxpcamd.sys driver of the SUNIX Multi I/O Card, version 10.1.0.0, allows low-privileged users to perform arbitrary read and write operations on I/O ports by sending specially crafted IOCTL requests. The vulnerability could be exploited for privilege escalation, execution of code with elevated rights, and unauthorized information access. Additionally, because these drivers are signed, attackers could potentially use them to circumvent the Microsoft driver-signing policy and introduce malicious software.
Impact
Exploitation of this vulnerability could lead to unauthorized access and manipulation of I/O ports, with potential consequences including privilege escalation, execution of high-privilege code, and information disclosure.
Reproduction
The vulnerability can be reproduced by sending crafted IOCTL requests to the snxpcamd.sys driver. IOCTL codes such as 0x9C402C00 can be used to trigger operations that read from or write to I/O ports. The driver does not enforce caller privilege restrictions, allowing low-privileged users to exploit these IOCTL codes.
