USB Device Wireless Key Injection or DoS (MouseJack)

Medium Nessus Plugin ID 88934

Synopsis

The remote host has used a wireless USB keyboard device that is potentially affected by a wireless key injection or denial of service vulnerability.

Description

The remote Windows host has used a wireless USB keyboard device that is potentially affected by a key injection or denial of service vulnerability that allows a physically local attacker to send keystrokes to the host.

Note that Nessus cannot determine when the USB device was last used on the remote host, just that is has been previously used.

Solution

Unplug the wireless USB keyboard device from the host until the vendor issues a firmware update or patch.

See Also

https://www.mousejack.com/

Plugin Details

Severity: Medium

ID: 88934

File Name: mousejack.nasl

Version: Revision: 1.1

Type: local

Agent: windows

Family: Windows

Published: 2016/02/24

Updated: 2016/02/24

Dependencies: 35730

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, Host/EnumUSB

Vulnerability Publication Date: 2016/01/23

Reference Information

CERT: 981271