USB Device Wireless Key Injection or DoS (MouseJack)

medium Nessus Plugin ID 88934

Synopsis

The remote host has used a wireless USB keyboard device that is potentially affected by a wireless key injection or denial of service vulnerability.

Description

The remote Windows host has used a wireless USB keyboard device that is potentially affected by a key injection or denial of service vulnerability that allows a physically local attacker to send keystrokes to the host.

Note that Nessus cannot determine when the USB device was last used on the remote host, just that is has been previously used.

Solution

Unplug the wireless USB keyboard device from the host until the vendor issues a firmware update or patch.

See Also

https://www.mousejack.com/

Plugin Details

Severity: Medium

ID: 88934

File Name: mousejack.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 2/24/2016

Updated: 6/1/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Settings/ParanoidReport, Host/EnumUSB

Vulnerability Publication Date: 1/23/2016

Reference Information

CERT: 981271