CVE-2024-29216

2024-03-2507:15:50

[email protected]

web.nvd.nist.gov

vulnerability

insufficient access control

ioctl request

arbitrary hardware port

firmware alteration

nvd

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.

Affected configurations

Vulners

Node

sangoma_technologiescg6kwin2k.sysRange<2.1.7.0

CNA Affected

[
  {
    "vendor": " Sangoma Technologies",
    "product": "cg6kwin2k.sys",
    "versions": [
      {
        "version": "prior to 2.1.7.0",
        "status": "affected"
      }
    ]
  }
]