USB debugging: Unsupported device type issue

This document addresses the specific challenges associated with the handling of Windows Portable Devices via USB debugging by Device Control Plus.

Severity: Low
Reported by: KLNF via ZohoCorp Bug bounty program.

Issue description

Despite an active block policy for a one of the 18 supported device types in place, the data transfer/access happened via the said device.

Root Cause

Windows Portable Devices (WPD) was identified to be accessing the system via USB debugging, which imitated the device type as a different one.

Note: This vulnerability is applicable for both On-Premises and Cloud versions.

Fix build

• 11.3.2400.27 and below upgrade to 11.3.2400.28 - Released on 18 June 2024
• 11.3.2416.08 and below upgrade to 11.3.2416.09 - Released on 21 June 2024

Proposed Solution

To upgrade, follow the steps below:

1. Login to the product console, and click on your current build number in the top right corner.
2. You'll be able to find the latest build applicable to you. Download the PPM and update.

Note: As the supported device types are defined, these types of circumstances where a device type posing as a different one does not fall under the purview of Device Control Plus.

For any further questions or concerns on this, please write to our support team.