Lucene search
PhoenixCVELIST:CVE-2023-35841HistoryMay 14, 2024 - 2:56 p.m.
CVE-2023-35841 WinFlash Driver Permissions Issue
2024-05-1414:56:14
CWE-732
CWE-782
Phoenix
www.cve.org
2
cve-2023-35841
exposed ioctl
insufficient access control
phoenix winflash driver
windows
privilege escalation
modification of firmware
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.5%
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WinFlash Driver",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2023-35841
2024-05-14 16:15:36
vulnrichment
vulnrichment
CVE-2023-35841 WinFlash Driver Permissions Issue
2024-05-14 14:56:14
nvd
nvd
CVE-2023-35841
2024-05-14 16:15:36
thn
thn
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
2023-11-02 08:59:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.5%
Related for CVELIST:CVE-2023-35841