2 matches found
CVE-2024-29216
Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware...
Sangoma Technologies CG/MG family driver cg6kwin2k.sys vulnerable to insufficient access control on its IOCTL
Overview CG/MG family driver cg6kwin2k.sys provided by Sangoma Technologies is vulnerable to insufficient access control on its IOCTL CWE-782. Takahiro Haruyama of Broadcom Carbon Black reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact By sending a specifi...