Lucene search
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1deNVD:CVE-2023-35841HistoryMay 14, 2024 - 4:15 p.m.
CVE-2023-35841
2024-05-1416:15:36
CWE-782
CWE-732
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de
web.nvd.nist.gov
1
cve-2023-35841
exposed ioctl
insufficient access control
windows
privilege escalation
system firmware
winflash driver
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.5%
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.
Related
cve
cve
CVE-2023-35841
2024-05-14 16:15:36
cvelist
cvelist
CVE-2023-35841 WinFlash Driver Permissions Issue
2024-05-14 14:56:14
vulnrichment
vulnrichment
CVE-2023-35841 WinFlash Driver Permissions Issue
2024-05-14 14:56:14
thn
thn
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
2023-11-02 08:59:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.5%
Related for NVD:CVE-2023-35841