Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.
[
{
"vendor": " Sangoma Technologies",
"product": "cg6kwin2k.sys",
"versions": [
{
"version": "prior to 2.1.7.0",
"status": "affected"
}
]
}
]