HIGH🇬🇧 English

CVE-2023-35841

CVSS 7.8v3.1pub. 2024-05-14upd. 2025-09-25

Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Phoenixtech Winflash

    APP
    Phoenixtech
    < 4.5.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2024-0762HIGH7.5ten sam vendor

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platform...

CVE-2024-1598HIGH7.5ten sam vendor

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.Thi...

CVE-2023-5058HIGH7.8ten sam vendor

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix Secur...

CVE-2023-31100HIGH8.4ten sam vendor

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash mod...

CVE-2024-29980MEDIUM4.6ten sam vendor

Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake,...