7.8

CVE-2023-35841

Exploit

WinFlash Driver Permissions Issue

Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0.
Data provided by the National Vulnerability Database (NVD)
Phoenixtech Winflash | SwPlatform: windows | Version: < 4.5.0.0
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.37% | 0.288
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CWE-782 Exposed IOCTL with Insufficient Access Control

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
Third Party Advisory
Exploit
https://jvn.jp/en/vu/JVNVU93886750/index.html
Third Party Advisory
https://www.phoenix.com/security-notifications/cve-2023-35841/
Vendor Advisory
https://phoenixtech.com/phoenix-security-notifications/cve-2023-35841/
Vendor Advisory