Carl Hurd of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

NZXT’s CAM computer monitoring software contains multiple vulnerabilities an attacker could use to carry out a range of malicious actions. CAM provides users information on their machines, such as fan speeds, temperature, RAM usage and network activity. The software also holds an inventory of all peripheral devices installed in the PC at a given time.

A specific driver on this software contains several vulnerabilities Cisco Talos recently discovered. If exploited, a malicious user could carry out such actions on the victim machine as elevating their privileges and disclosing sensitive information.

In accordance with our coordinated disclosure policy, Cisco Talos worked with NZXT to disclose these vulnerabilities and ensure that an update is available.

Vulnerability details

NZXT CAM WinRing0x64 driver privileged I/O read IRPs information disclosure vulnerability (TALOS-2020-1110/CVE-2020-13509 - CVE-2020-13511)

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

NZXT CAM WinRing0x64 driver privileged I/O write IRPs privilege escalation vulnerability (TALOS-2020-1111/CVE-2020-13512 - CVE-2020-13514)

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

NZXT CAM WinRing0x64 driver IRP 0x9c40a148 privilege escalation vulnerability (TALOS-2020-1112/CVE-2020-13515)

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

NZXT CAM WinRing0x64 driver IRP 0x9c406144 information disclosure vulnerability (TALOS-2020-1113/CVE-2020-13516)

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

NZXT CAM WinRing0x64 Driver IRP 0x9c406104 information disclosure vulnerability (TALOS-2020-1114/CVE-2020-13517)

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

NZXT CAM WinRing0x64 driver IRP 0x9c402084 information disclosure vulnerability (TALOS-2020-1115/CVE-2020-13518)

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

NZXT CAM WinRing0x64 driver IRP 0x9c402088 privilege escalation vulnerability (TALOS-2020-1116/CVE-2020-13519)

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that these vulnerabilities affect NZXT CAM, version 4.8.0.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 54440 - 54451, 54454, 54456, 54458, 54460, 54461